Your phone calls and even your location could be at risk, according to researchers at Purdue University and the University of Iowa. Tech Xplore reports that recently discovered vulnerabilities in 4G and 5G networks may be just the invitation that hackers need to intercept calls and track users’ whereabouts.
“5G is trying to enforce stronger security and privacy policies than predecessors. However, it inherits many of its characteristics from previous generations, so it’s possible that vulnerabilities that exist in those generations will trickle down to 5G,” Syed Rafiul Hussain, a postdoctoral researcher in computer science at Purdue University, says.
In an attempt to conserve energy, cell networks only sporadically scan for incoming calls, texts, and notifications. These scans are called paging occasions, and they are designed into network protocols. If several calls are placed and cancelled in a short period of time, when the device isn’t scanning for incoming messages, a paging message can be triggered without notifying the device. Hackers can then use this paging message to track a person’s location and send phony paging messages to interfere with text and calls from coming to a device, in an attack known as a “torpedo.”
“It doesn’t require an experienced hacker to perform this attack,” says Hussain. “Anyone with a little knowledge of cellular paging protocols could carry it out.”
The researchers also note that torpedoes could be used to snatch a device’s international mobile subscriber identity (IMSI) on 4G networks and obtain a user’s Twitter handle or phone number, on both 4G and 5G networks.
The findings were presented at the Network and Distributed Security Symposium in San Diego.