[ad_1]
A report of TechCrunch details three new serious security loopholes in 4G and 5G networks, one of which concerns the four major US carriers, as well as many other networks in the world. These vulnerabilities allow attackers to locate the user and intercept phone calls.
It is interesting to note that the flaws discovered by researchers at Purdue University and the University of Iowa affect 4G and 5G. Syed Rafiul Hussain, Ninghui Li, Elisa Bertino, Mitziu Echeverria and Omar Chowdhury have already shared their findings with leading wireless operators in the United States.
"Anyone familiar with cell paging protocols can lead this attack," Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch in an email.
Torpedo is the name of the first flaw that AT & T, Verizon, T-Mobile and Sprint users (and others) are likely to allow attackers to track the location of their smartphones. Here's how it works:
The first is Torpedo, which exploits a weakness of the paging protocol that operators use to notify a phone before a call or a text message reaches them. The researchers found that multiple phone calls made and canceled over a short period of time can trigger a paging message without alerting the target device of an incoming call that an attacker can use to locate the victim. Knowing the paging opportunity of the victim also allows an attacker to hijack the paging channel and inject or reject paging messages, by spoofing messages such as Amber Alerts, or by blocking messages, the researchers say. .
Torpedo also allows attackers to take advantage of two other flaws:
Piercer, who, according to researchers, allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network; and the well-named IMSI-Cracking attack, which can forcibly force an IMSI number into 4G and 5G networks, where IMSI numbers are encrypted.
Researchers say that an attacker only needs about $ 200 worth of equipment to take advantage of the Torpedo Fault. Notably, many other networks around the world are also vulnerable to these attacks.
Given that two of the attacks exploit loopholes in the 4G and 5G standards, almost all cell networks outside the United States are vulnerable to these attacks, Hussain said. Several networks in Europe and Asia are also vulnerable.
Researchers do not publish the validation code at this stage for security reasons. In addition to the operators, they also shared the faults with the GSM association.
The fixes will require work from both the operators and the GSM association.
Hussain said the Torpedo and IMSI-Cracking flaws should first be corrected by the GSMA, while a solution for Piercer only depended on carriers. The torpedo remains the priority because it precedes other defects, said Hussain.
Check 9to5Mac on YouTube for more information on Apple:
[ad_2]
Source link