Cybercriminals Can Attack Both 4G And 5G By Exploiting These Three Flaws

Experts have found out about three weak spots in both 4G and 5G of broadband cellular network, which can allow wrongdoers block phone calls or collect data on the whereabouts of phone users.

The researchers said in their paper that cybercriminals can exploit the flaws in the cellular paging protocol. When a phone is in the idle state, which means it is not currently connected to a base station, it needs notification to know that there is a phone call or a message coming, which is when paging protocol kicks in. The system strikes a balance between keeping the phone from draining its battery too fast and receiving the contact in time.

This is the first time some shortcomings can be used on both systems, especially the latter, which is believed to bring better connection and effective protection against IMSI catchers. However, it seems like the shields 5G can enable, which is hoped to be a better defence against cybercriminals preying on people’s phone calls, have already had the potential to be disabled.

According to Syed Rafiul Hussain, this kind of attack did not require an expert understands of cellular paging protocols. He and his co-authors of this finding announced the results at the Network and Distributed System Security Symposium on the 26th of February.

They also shed some light on the way cybercriminals may use to take advantage of the flaws. The first intervention they may use is Torpedo (stand TRacking via Paging mEssage DistributiOn), which can interfere with the paging protocol and locate a mobile device. This primary mean can also be used to send paging messages or carry out DoS attacks, which shuts down a network or a machine making them unavailable for users.

After Torpedo come two other attacks. The first one is Piercer (stand for Persistent Information ExposuRe by the CorE network), which can reveal the victim’s international mobile subscriber identity (or IMSI) to the attacker. The last one is the IMSI-Cracking, which can be used on both 5G and 4G. It is carried out after Torpedo has revealed the device IMSI’s seven bits of information. With the brute force attack it launches, the victim’s IMSI will fall right in the hand of the attacker.

With the knowledge of the three attacks, even the 5G is vulnerable from the effect of IMSI catchers, which intelligence agencies and law enforcement used to intercept cellphone traffic and track users’ location.

Hussain pointed to four American telecommunication companies as the potential victims of Torpedo, including AT&T, Sprint, T-Mobile and Verizon. The equipment needed to launch the attack can be bought with a price of $200. Another company might be under Piercer but he did not elaborate on this last one. So far, none of the four corporations has made comment on this matter. Outside of the US, it is safe to say that the majority of networks in the world can fall under the threat of these attacks.

While the 4G was advertised to be safer than its predecessor, research has shown that it can be under the same attacks that can defeat the 3G. As invasions are getting more sophisticated, they take advantage of the weak spots of the SS7, a protocol for telephone signalling which tells a network how to route a call, to carry out criminal acts like emptying bank accounts. The 5G, which is another system that thought to be more secure than any other before it, is also revealed to bears similar shortcomings.

The weak spots have already been presented to the GSMA (Global System for Mobile Communications), which is a trade body that appears for the mobile network operators in the world. The organization has admitted that these flaws existed. However, GSMA has not announced anything further about this matter or measures they would take to prevent the attacks.

According to Hussain, two out of the three attacks are GSMA’s responsibility, including Torpedo and IMSI-Cracking. The last one, Piercer, is something carriers can determine. Finding a method to prevent Torpedo is arguably the most pressing issue as it is the primary attack that can pave the way for the other two.

Last year, about this time, Hussain also announced another work that disclosed the details on 4G’s 10 weak spots that may allow cybercriminals to listen to phone calls and read their messages.