Security breach in 4G/5G networks let attackers to intercept calls and track locations

A newly discovered security flaw in both 4G and 5G networks allows attackers to have the ability to intercept calls and track locations. According to a new report from TechCrunch, Omar Chowdhury and Mitziu Echeverria at the University of Iowa and Syed Rafiul Hussain along with Ninghui Li and Elisa Bertino at Purdue University, have found three new security flaws in 4G and 5G.

Omar says that all of the four carriers in United States  suffer from the vulnerabilities on the network end. “Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper.

The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through.
The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location.

This is terrible.

Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether, the researchers say.

The attacks can be carried out using the equipment costing no more than $200. Almost all the wireless cellular networks outside the United States are vulnerable to these attacks, as are many cellular networks operating in Europe and Asia.

How to stay safe from security flaw ?  

A fix for these flaws will require work from the GSM Association (GMA) and carriers. Torpedo remains the priority as it precursors the other vulnerabilities. For security reasons, the researchers have opted against releasing the proof-of-concept code to exploit the flaws.