February 25, 2019 at
Network security researchers from two Universities found dangerous defects in both 4G and 5G protocols. The weaknesses could enable hackers to harm the users by spying on their location, calls and text messages. The four largest network providers from the USA as well as from Europe and Asia are at risk. The found weaknesses were reported to GSMA.
What’s in the paper?
Syed Rafiul Hussain, Ninghui Li and Elisa Bertino of Purdue University collaborated with their colleagues Mitziu Echeverria and Omar Chowdhury of the University of Iowa to examine the potential risks of 4G and 5G network protocols. The researchers will present their report on Tuesday at the San Diego’s Network and Distributed System Security Symposium.
The researchers stated that this is the first case of protocol imperfections to manipulate both 4G and 5G that was announced to be faster and have improved security issues. 5G should be especially immune to StingRays. StingRays are advanced devices used by law enforcement for the purpose of surveillance of phone devices. They act as a cell station that forces all the nearby devices to connect to it and share information, not only location, but also calls and text messages.
The three found protocol weaknesses are particularly dangerous because they are not covered with advanced 5G security techniques and because anyone can exploit them. According to researchers, it’s enough to know just a bit about protocols to launch an attack that jeopardizes user’s privacy. The attack can be successfully launched with a radio equipment available to everyone that costs not more than 200 dollars.
Types of the attacks: Torpedo, Piercer and Cracking attack
Just before user receives a call or a text message, the system activates carriers intended to notify the device. Torpedo uses a weakness in the paging protocol of the carriers to gather information about user’s paging frequency. Knowing this, hackers can manipulate the paging channel and change paging messages without user’s awareness, whether adding or blocking messages. It was also found that if a few calls get started and aborted quickly, that can activate the paging message without notifying the device about the call. Hackers can take advantage of this to gather information about user’s location.
Torpedo introduces Piercer and IMSI-Cracking attack. Piercer can manipulate 4G network to let the hacker identify the user’s unique IMSI (International Mobile Subscriber Identity). For this exact reason 5G protocols have been built to encrypt IMSI. But that’s where the IMSI-cracking attack is useful. It can forcefully crack IMSI in both 4G and 5G protocols.
Torpedo is so powerful that it presents a threat to four largest network providers in USA: AT&T, T-Mobile, Verizon and Sprint. The lead researcher Hussain said that one of these USA networks was also eligible for Piercer attack. Networks in Europe and Asia are also at risk due to using faulty 4G and 5G protocols.
How to fix this?
This is yet another problem for the phone devices user security. It is already known that hackers widely manipulate Signaling System 7 used to route traffic across networks. That’s why network security was a subject of thorough analysis last year due to weaknesses that allowed frequent spying on private calls and text messages.
It turned out that improved and modern 4G is as faulty as 3G. The public hoped protocol weaknesses would be fixed with announced 5G. However, European security experts have already pointed to the 4G-like issues in the new 5G protocol.
Lead researcher Hussain stated that the found vulnerabilities were reported to Global System for Mobile Communication (GSMA). GSMA is an international organization that gathers mobile network providers from the whole world and protects their interests. GSMA acknowledged the submitted information but did not make any solution yet.
Researchers expect the protocol weakness that allows Torpedo to be neutralized first. Torpedo enables other two attacks and therefore is the most important to GSMA. After Torpedo, IMSI-Cracking could be fixed second. Piercer can be solved only by improving the carriers.
One year ago, Hussain and his colleagues warned the public about 10 vulnerabilities of 4G protocol. Hackers were taking advantage of them in the same way they do now – spy on user’s call log and SMS and also fake user’s emergency notifications. Solutions for the problems marked in Hussain’s this year’s report is yet to be found.