WITH 5G PHONES all the rage at MWC in Barcelona, it's with a certain degree of comic timing that researchers from Purdue and Iowa Universities have revealed a handful of security flaws that could allow unscrupulous types to snoop on phone users.
To be entirely fair, the problems affects both 4G and 5G, but that's probably not too reassuring, given the bugs could let someone into both intercept calls and track a user's location.
The first of the vulnerabilities is called Torpedo and exploits a weakness in the paging protocol which alerts your phone to incoming calls or texts. By starting and cancelling a bunch of calls in quick succession, you can send a paging message to the device without actually triggering an alert. Not only does this leave the door open to blocking or inserting messages, but it can also lead to two more attacks.
These are called Piercer and IMSI-Cracking, which use different methods but achieve the same thing. They let an attacker figure out your unique IMSI (International Mobile Subscriber Identity) number which leaves you wide open to remote eavesdropping, or even less welcome stalking.
"Any person with a little knowledge of cellular paging protocols can carry out this attack," Syed Rafiul Hussain, one of the paper's authors, told TechCrunch, going on to explain that a Torpedo attack could be carried out with just $200 worth of radio equipment.
Given the attack hits 4G and 5G standards, networks are in danger all over the world - which is why the researchers haven't shared their proof-of-concept code. The GSMA knows of the issue and will hopefully be taking steps to neuter Torpedo and IMSI-Cracking, but Piercer will need individual carriers to take action. µ
Chinese firm's week has somehow got worse
Software issue plagues early adopters
Security researcher makes good on her promise
Artificial artificial intelligence