Syed Rafiul Hussain, Nighui Li and Elisa Bertino, researchers at Purdue University alongside Mitzu Echeverria and Omar Chowdhuri of the University of Iowa will publish a study that demonstrates new vulnerabilities found in 4G and 5G networks. The paper was presented for the first time in the symposium on “Network and Distributed System Security”, which is held today in San Diego, California.
In short, 4G and 5G networks can be exploited to access user data. Syed Hussain says that anyone with little knowledge of cellular protocols can initiate such an attack if they have the tools they need.
Over the last few years, Stingray devices used by law enforcement agencies have used similar vulnerabilities to find the geolocation of some users and to monitor the list of calls that take place within the reach of the device. Although there is currently no evidence of the existence of more advanced devices, researchers believe there may be some who can even intercept calls and text messages.
The team involved in the study discovered a method that uses an attack called “Torpedo,” which calls and cancels the call to the target several times consecutively, thus leading to a vulnerability in the paging system of the network. Practically, the initiator of the attack can send a message to the target device without him recording a call. From here, it’s easy to track the call and send new false messages even through the Amber alert system. Also, the attacker can block other messages that may be received by the target.