New Flaws In 4G, 5G Allow Attackers To Intercept Calls and Track Phone Locations (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as "stingrays." But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users. Rafiul Hussain, one of the co-authors of the paper, along with Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa are set to reveal their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.
The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim's location. Knowing the victim's paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether, the researchers say. Torpedo opens the door to two other attacks: Piercer, which the researchers say allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network; and the aptly named IMSI-Cracking attack, which can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted. AT&T, Verizon, Sprint and T-Mobile are all affected by Torpedo, "and the attacks can be carried out with radio equipment costing as little as $200," the report adds. One U.S. network is reportedly vulnerable to the Piercer attack, but the researcher wouldn't name which one.
Hardly sounds like a "flaw".
“He’s not deformed, he’s just drunk!”
One U.S. network is reportedly vulnerable to the Piercer attack, but the researcher wouldn't name which one.
Hory sheet we store fraws!
Are we talking real 5G, or AT&T 5G?
These are problems baked into the standards, and we've seen how fast the standards evolve.
How many years will it take before the telcos sort out how to solve the problem and then how long to implement that solution throughout the network? Wouldn't it be better if the standards development were more open and evaluated by knowledgeable people beforehand?
requested by .gov
What about 6G? I keep hearing the USA is going to go straight to that from 4G.
How else do we get governments to approve it for use?
Since the advent of the surveillance state, I just assume that speaking on a cell phone, texting on a cell phone, and carrying a cell phone with the battery in it is the technological equivalent of breadcrumbs... if anybody is highly motivated enough to want to track my movements.
The Stingray Tools are fairly easy for well-funded organisations to deploy, your cellie hits on towers it is closest to, and all manner of back doors for national security may be built in.
Don't take a knife to a gun fight, and don't take a cell phone anywhere that might be considered shady.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
It cannot possibly be that security flaws in communication are a consequence of bad design, sloppy/cheap implementation or deliberate back-door placement by domestic agencies. We demand our usual amount of foreign-evil-doer blame-assignment!
"and don't take a cell phone anywhere that might be considered shady." - And if you're going to launder money for the Russian mob for 30 years, lol don't let your "fixer" lawyer guy record your voice talking about it for 15 years. Fucking moron.
A little bit of opsec and these Alfabank betas might have gotten away with it! A LITTLE BIT! "Russia, if you're listening..." - Seriously. Roger Stone now accepting rogering, will sing for lube. The whole treason is falling apart.
And why? BECAUSE HE PICKED A FIGHT WITH A PORN STAR. Let's just count the hundreds of times Trump has fucked himself, it's almost impossible to contain them all in your mind at one time. In his own WORDS a traitor!
What the fuck are we even doing, we should be pitchforking his ass RIGHT NOW
Oh, you poor naive civilians ...
-- Tigger warning: This post may contain tiggers! --
"Flaws"? You've used the wrong verb there. "Working as designed" is probably more accurate.
Just because you're paranoid doesn't mean that they aren't out to get you. That was my funny phrase in the 70's, it's not quite so funny now.
Luckily they're not trying to find or get me. But I'll ask Google Home about it just to make sure.
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
trump was right.. we do need '6G' asap.
https://arstechnica.com/tech-p...
Thank goodness my flip-phone is still on 2G. Not sure what I will do when I need a new real-keyboard, no-camera Telephone that is really just a telephone.
911 systems that have phase II (E911, phase II) is "suppose" to get you within 50 to 150 meters which is between 150 feet to 500 feet max which sounds "close" unless you are on the other end of the 911 call screaming for help. Shoot, when I was dispatching, we had to figure out WHERE they lived by the "well, you go down the old creek road where that barn got hit by lightning, turn right (and right could be north, south, east or west depending on where they were coming from!) then I'm right next to that barn that has that horse that always follows the cars. Heck, everyone knows where I live. (I always wished people in the rural areas were given flare guns...we'd send the patrol unit in the area, and if they heard a siren, shoot the flare up in the air, and blink the porch light on and off!). I'm sure the government has MUCH better accuracy than 911 systems, but, it's still a crapshoot unless you have the equipment.
If my phone carrier makes it possible for ANYBODY to identify my location, I will consider such actions to be a military attack by my phone carrier upon me and my loved ones, and they can expect a measured response.