Latest in Gear

Image credit:

Security flaws in 4G and 5G allow snooping on phone users

You could intercept calls and track a phone's location.
Jon Fingas, @jonfingas
February 25, 2019
Share
Tweet
Share

Sponsored Links

Angel Garcia/Bloomberg via Getty Images

Security researchers are already poking holes in 5G mere months into its existence. They've discovered three flaws in 4G and 5G that could be used to intercept phone calls and track someone's location. The first and most important, Torpedo, relies on a flaw in the paging protocol that notifies phones of incoming calls and texts. If you start and cancel several calls in a short period, you can send a paging message without alerting the device to a call. That not only lets you track the device's location, but opens the door to two other attacks.

One of these, Piercer, lets you determine the unique IMSI number attached to a user. on a 4G network An IMSI-Cracking attack can guess the IMSI number through brute force on both 4G and 5G. This makes it possible to snoop on calls and location info through devices like Stingrays even if you have a brand new 5G handset. Torpedo can also insert or block messages like Amber alerts.

The vulnerabilities potentially affect most any 4G or 5G network in the world, although the degree varies widely. All four of the largest US carriers (AT&T, Sprint, T-Mobile and Engadget parent Verizon) are susceptible to Torpedo, while one unnamed network could also fall prey to Piercer.

These aren't permanent flaws, although the fixes will take some time. Torpedo and IMSI-Cracking would require solutions directly from the industry's cellular standards body, the GSMA (which knows about the issue). Piercer would require the carriers to step in. Thankfully, you probably won't see this in the wild when the researchers are keeping the exact methods a secret. It's still concerning, though, and could prove dangerous if someone independently develops attacks before there are defenses in place.

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Trump executive order seeks to ban TikTok, WeChat 'transactions' in 45 days

Trump executive order seeks to ban TikTok, WeChat 'transactions' in 45 days

View
Disney has no idea what it's doing with 'Mulan'

Disney has no idea what it's doing with 'Mulan'

View
Our readers get real about their issues with the AirPods Pro

Our readers get real about their issues with the AirPods Pro

View
20GB of Intel internal documents were leaked online

20GB of Intel internal documents were leaked online

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr