- The issue existed in the cellular paging (broadcast) protocol in the latest generation of mobile communications.
- An exploit called ToRPEDO was revealed by the researchers to target 4G and 5G-enabled devices.
A new research study has uncovered serious privacy risks associated with 4G as well as the latest 5G protocols. The researchers discovered that attackers could break into devices running on these protocols to conduct denial-of-service attacks.
The study, which was done by scholars from Purdue University and the University of Iowa, analyzed cellular paging in 4G and 5G devices.
- Paging protocol balances the device’s energy consumption for different processes (for example, phone calls) running in the device.
- Attackers can inject malicious paging messages into this protocol to perpetrate denial-of-service attacks.
- Information such as device location, phone number, Twitter handles etc., could be compromised in 4G and 5G devices.
- ToRPEDO, short for Tracking via Paging Message Distribution, is the method proposed by the researchers to exploit privacy.
- IMSI-Cracking and PIERCER were the other two methods devised in the study.
Why it matters?
- The development of 5G -- the soon-to-be norm for mobile network protocols -- will vastly be affected by this privacy issue.
- Identities of 4G and 5G phone users could be exposed.
- Sensitive information such as payment data of users could also be at risk.
The bottom line - Though the paper details loopholes in the telecommunication protocols, it also delineates the limitations associated with their attack methods.
“For ToRPEDO to be successful, an attacker needs to have a sniffer in the same cellular area as the victim. If the number of possible locations that the victim can be in is large, the expense of installing sniffers (i.e., $200 each) could be an impediment to carrying out a successful attack.”
Similarly, PIERCER would require a separate base station for the attack to be successful. The IMSI-Cracking attack only works when the victim does not realize that notifications are deactivated as part of the attack. In fact, this method was checked for 4G devices only and is not validated on 5G Networks.