A group of university researchers has found three major security flaws in 4G and 5G technology which could allow hackers to access your location, intercept phone calls and carry out targeted phishing attacks. What’s most alarming about these flaws is that they can be exploited using radio equipment worth $200. Not RTGS$ but actual US dollars.
How can hackers access your phone?
Torpedo, the first attack, exposes a weakness in the paging protocol that notifies a handset of an incoming call or SMS message. If a hacker places a number of calls and cancels them in quick succession, they trigger a paging message without the target’s knowledge. This message can then be used to track the location of the target. According to GSM Arena, “This paging message also reveals the channel on which the target is receiving messages, which the attacker can use to spoof Amber alert messages or block messages from arriving altogether.”
The second attack, known as Piercer, allows the hacker to get the International Mobile Subscriber Identity (IMSI) by using a brute force attack. It’s made possible by the first attack but unfortunately is more severe, and it can be taken advantage of by law enforcement agencies, as they can use ‘stingray devices’ which tap into cell towers in order to intercept calls and read texts.
What can be done?
These flaws can be pretty dangerous, and thus the researchers who stumbled upon them are not releasing the proof-of-concept code used to exploit them. The flaws have been reported to the GSMA (the wireless industry body representing the interests of all mobile operators worldwide), and hopefully this is one of those things that can be patched going forward, or else users can expect a world of pain.
The reports on these flaws were speaking specifically of US carriers. Hopefully the flaws are not worldwide, or at least don’t affect us, though that might be unlikely as the equipment used for telecoms infrastructure is usually similar.
2 comments
These flaws are just a manifestation of old flaws in the GSM stack. They haven’t found anything new per se, in most instances.
Hahahaha you guys, “Not RTGS$ but actual US dollars”, you killed me right there