For the most part, when we make or receive a phone call, we expect a certain degree of privacy and security where we mostly assume that our calls aren’t being spied on and our conversations aren’t being listened on either. Unfortunately, a recently discovered flaw in 4G and 5G networks has cast some doubt on those assumptions.
A group of researchers, Syed Rafiul Hussain, Ninghui Li, and Elisa Bertino from Purdue University and Mitziu Echeverria and Omar Chowdhury at the University of Iowa, have recently discovered a flaw in 4G and 5G in which if exploited, could, in theory, allow an attacker to intercept your phone calls and track your phone’s location.
One of those attacks, called Torpedo, exploits a weakness in the paging protocol (which is what carriers use to notify a phone before a call or text comes through). It has been discovered if calls are placed and canceled in a short period of time, it can trigger the paging protocol without alert the target, but at the same time give the attacker the location of their victim.
The Torpedo attack also opens up the door to more attacks, one of which is called Piercer which lets attackers determine the IMSI on a 4G network, thus opening up devices like “stingrays’ which are typically used by law enforcement. This can then be used to determine the user’s real-time location and log all phones within its range, with more advanced devices said to be capable of even intercepting calls and messages.
The researchers claim that in the US, all four of the major carriers are susceptible to the Torpedo attack. The researchers are expected to present their paper at the Network and Distributed System Security Symposium in San Diego on Tuesday.