A newly discovered security flaw in both 4G and 5G networks allows attackers to have the ability to intercept calls and track locations. According to a new report from TechCrunch, Omar Chowdhury and Mitziu Echeverria at the University of Iowa and Syed
Rafiul Hussain along with Ninghui Li and Elisa Bertino at Purdue
University, have found three new security flaws in 4G and 5G.
Omar says that all of the four carriers in United States suffer from the vulnerabilities on the network end. “Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper.
Omar says that all of the four carriers in United States suffer from the vulnerabilities on the network end. “Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper.
The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through.This is terrible.
The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location.
Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether, the researchers say.The attacks can be carried out using the equipment costing no more than $200. Almost all the wireless cellular networks outside the United States are vulnerable to these attacks, as are many cellular networks operating in Europe and Asia.
How to stay safe from security flaw ?
A fix for these flaws will require work from the GSM Association (GMA) and carriers. Torpedo remains the priority as it precursors the other vulnerabilities. For security reasons, the researchers have opted against releasing the proof-of-concept code to exploit the flaws.
0 comments:
Post a Comment