These newly discovered flaws are the first known problems afflicting both 4g and 5g networks. Ironically, 5g was promoted as being more secure than generations past, but security researchers say the "better" protections that were promised can be easily beaten with new attack methods. To make matters worse, the experts say anyone with a modicum of knowledge regarding cellular paging procedures can exploit these vulnerabilities.
Researchers from Purdue University and the University of Iowa teamed up to put 4g and 5g networks to the test, and what they found was shocking: Even the supposedly more secure 5g network can still be exploited with relative ease.
Three major flaws were discovered: Torpedo, Piercer and IMSI Cracking are all attacks that malicious actors can carry out over these networks.
As Daily Mail reports, Torpedo "takes advantage of a flaw in a network's paging protocol," and is the worst of the three attacks. Paging protocols make up the system which notifies phones of incoming texts and phone calls. By exploiting this vulnerability, attackers can track a victim's location.
Carrying out a Torpedo attack requires just a $200 device for placing the phone calls.
All an attacker has to do is place and cancel "a flurry" of phone calls within a short span of time. This causes a paging message to be sent, without alerting the target to an incoming call. From there, your location can be tracked by a malicious actor.
Torpedo also lets attackers hijack the paging channel, giving them room to inject fraudulent messages and deny phone calls. Engaging a Torpedo attack also paves the way for malicious actors to carry out two other attacks: Piercer and IMSI cracking.
As Tech Crunch reports, Piercer "allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network." Meanwhile, IMSI-Cracking attacks "can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted."
IMSI cracking allows for all kinds of snooping tactics -- including tracking methods used by police (known as "stingrays") to track a person's real-time location.
According to the researchers, all four major mobile carriers in the United States are vulnerable to these attacks. That includes AT&T, Sprint, T-Mobile and Verizon. With more advanced devices, attackers can even use these attacks to intercept phone calls and text messages.
Study co-author Syed Rafiul Hussain told Tech Crunch in an email, "Any person with a little knowledge of cellular paging protocols can carry out this attack."
The team has since reported these vulnerabilities to GSMA, an organization that sets cellular standards for the telecom industry. According to reports, GSMA can fix the Torpedo and IMSI cracking vulnerabilities, but carriers will have to address the Piercer problem on their own.
5G has already been under immense scrutiny for the potential threat it poses to human health; numerous studies have linked exposure to cellphone radiation to a myriad of adverse health effects -- including cancer. Now, it appears this "better" network isn't even secure.
Read more about the latest controversies in tech and more at InformationTechnology.news.
Sources for this article include: