Brother
Professional
- Messages
- 2,590
- Reaction score
- 533
- Points
- 113
A joint research team from Purdue University and Iowa State University (USA) has discovered a number of new vulnerabilities in 4G and 5G technologies that can be used to intercept calls and track users' geo-locations.
Challenges affect both 4G and the more secure fifth generation (5G) mobile standard. The attack techniques developed by the researchers are designed to bypass 5G security measures designed to make it harder for mobile users to be spied on. According to them, "any person with minimal knowledge of the operation of cellular communication protocols can conduct an attack."
The first method, called ToRPEDO (TRacking via Paging mEssage DistributiOn), exploits a flaw in the protocol that mobile operators use to notify devices before an incoming call or text message. Experts have found that making and canceling several calls in a short period of time initiates the sending of a paging message without notifying the device about an incoming call, which can be used by an attacker to determine the user's location. With this information, an attacker will be able to intercept the paging channel and replace messages or block them altogether.
ToRPEDO provides the ability to perform two more attacks - Piercer (allows you to determine the international IMSI in the 4G network) and IMSI-Cracking, which can be used to brute force encrypted IMSI in 4G and 5G networks.
According to the researchers, the vulnerability affects the four largest telecom operators in the United States (AT&T, Verizon, Sprint and T-Mobile), as well as a number of operators in Europe and Asia. As noted, the attacks will not require large costs - the necessary radio equipment will cost about $ 200. Experts do not intend to publish the PoC code of the attack, so as not to put users at risk.
Researchers have already passed information on the vulnerabilities to the International Association of GSM Operators (The GSM Association). The organization acknowledged the problem, but did not say when it would be fixed.
Recall that last June, a group of researchers from the Ruhr and New York Universities published a report in which they described three types of attacks that exploit vulnerabilities in the 4G LTE standard. In December 2018, experts from the Association for Cryptological Research disclosed information about a vulnerability in the AKA protocol, which allows tracking subscribers of 3G - 5G networks.
The International Association of GSM Operators is an organization uniting about 700 GSM mobile operators from 218 countries. Develops various standards and guidelines for GSM operators. Plays a leading role in eliminating technical and technological barriers to the creation and development of client services based on the GSM standard, and also in every possible way contributes to the spread of GSM networks in developing countries.
