Latest in Gear

Image credit: Angel Garcia/Bloomberg via Getty Images

Security flaws in 4G and 5G allow snooping on phone users

You could intercept calls and track a phone's location.
622 Shares
Share
Tweet
Share

Sponsored Links

Angel Garcia/Bloomberg via Getty Images

Security researchers are already poking holes in 5G mere months into its existence. They've discovered three flaws in 4G and 5G that could be used to intercept phone calls and track someone's location. The first and most important, Torpedo, relies on a flaw in the paging protocol that notifies phones of incoming calls and texts. If you start and cancel several calls in a short period, you can send a paging message without alerting the device to a call. That not only lets you track the device's location, but opens the door to two other attacks.

One of these, Piercer, lets you determine the unique IMSI number attached to a user. on a 4G network An IMSI-Cracking attack can guess the IMSI number through brute force on both 4G and 5G. This makes it possible to snoop on calls and location info through devices like Stingrays even if you have a brand new 5G handset. Torpedo can also insert or block messages like Amber alerts.

The vulnerabilities potentially affect most any 4G or 5G network in the world, although the degree varies widely. All four of the largest US carriers (AT&T, Sprint, T-Mobile and Engadget parent Verizon) are susceptible to Torpedo, while one unnamed network could also fall prey to Piercer.

These aren't permanent flaws, although the fixes will take some time. Torpedo and IMSI-Cracking would require solutions directly from the industry's cellular standards body, the GSMA (which knows about the issue). Piercer would require the carriers to step in. Thankfully, you probably won't see this in the wild when the researchers are keeping the exact methods a secret. It's still concerning, though, and could prove dangerous if someone independently develops attacks before there are defenses in place.

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
622 Shares
Share
Tweet
Share

Popular on Engadget

Qantas completes record 19-hour flight to test limits of air travel

Qantas completes record 19-hour flight to test limits of air travel

View
The best trackballs

The best trackballs

View
After Math: Stand and Delivery

After Math: Stand and Delivery

View
Honda's Accord Hybrid is a value-packed sedan

Honda's Accord Hybrid is a value-packed sedan

View
NASA's InSight lander can finally dig a hole for its Mars heat probe

NASA's InSight lander can finally dig a hole for its Mars heat probe

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr