Skip to main content

Flaws in 4G and 5G can lead to spying on location and calls, researchers find

Flaws in 4G and 5G can lead to spying on location and calls, researchers find

/

Hackers could also send fake alerts

Share this story

The text “5G” on a green background.
Illustration by Alex Castro / The Verge

A group of security researchers has revealed that newly discovered flaws in networks could let hackers eavesdrop on calls or track a phone owner’s location. Worse, the problems extend beyond just the widely used 4G, and into the next-generation 5G.

TechCrunch first reported on the researchers’ paper, which is set to be presented at a security symposium tomorrow.

Attack works by making several calls

In the paper, the researchers outline an attack called Torpedo, which can be used to determine whether a device is in a certain location. The attack exploits an issue in how devices send “paging” information when calls or texts are received. By making several calls continuously, a malicious attacker can take advantage of the paging information produced by a device to determine where that device is. The researchers found that the flaw could also be used to send fraudulent emergency alerts to a device.

Using that information, attackers can use other attacks to determine a device’s international mobile subscriber identity. The researchers told TechCrunch that the issue puts device owners at risk of having their calls or texts intercepted by devices like Stingrays, even if they’re on 5G networks.

A fix is still available, though: according to the researchers, while they’ve verifed the Torpedo attack is possible on all US service providers, they’ve informed the GSMA, a trade group for service providers that coordinates security vulnerabilities.