A report from TechCrunch details three new serious security flaws in both 4G and 5G networks and one of them affects all four major US carriers in addition to many more networks around the world. The vulnerabilities allow attackers to track a user’s location as well as intercepting phone calls.
Interestingly, the flaws discovered by researchers at Purdue University and the University of Iowa impact both 4G and 5G. Syed Rafiul Hussain, Ninghui Li, Elisa Bertino, Mitziu Echeverria, and Omar Chowdhury previously shared their findings with the major US wireless carriers and are set to present their research at the Distributed System Security Symposium in San Diego tomorrow.
Torpedo is the name of the first flaw that users on AT&T, Verizon, T-Mobile, and Sprint (and more) are all susceptible to which can allow attackers to track smartphone locations. Here’s how it works:
Torpedo also allows attackers to leverage two more flaws:
The researchers say that an attacker only needs about $200 worth of equipment to take advantage of the Torpedo flaw. Notably, many other networks around the globe are vulnerable to these attacks as well.
The researchers aren’t publishing the proof-of-concept code at this point for security reasons. In addition to carriers, they also shared the flaws with GSM association.
Fixes will require work from both carriers and the GSM association.
