Security researchers are already poking holes in 5G mere months into its existence. They’ve discovered three flaws in 4G and 5G that could be used to intercept phone calls and track someone’s location. The first and most important, Torpedo, relies on a flaw in the paging protocol that notifies phones of incoming calls and texts. If you start and cancel several calls in a short period, you can send a paging message without alerting the device to a call. That not only lets you track the device’s location, but opens the door to two other attacks.
One of these, Piercer, lets you determine the unique IMSI number attached to a user. on a 4G network An IMSI-Cracking attack can guess the IMSI number through brute force on both 4G and 5G. This makes it possible to snoop on calls and location info through devices like Stingrays even if you have a brand new 5G handset. Torpedo can also insert or block messages like Amber alerts.
The vulnerabilities potentially affect most any 4G or 5G network in the world, although the degree varies widely. All four of the largest US carriers (AT&T, Sprint, T-Mobile and Engadget parent Verizon) are susceptible to Torpedo, while one unnamed network could also fall prey to Piercer.
These aren’t permanent flaws, although the fixes will take some time. Torpedo and IMSI-Cracking would require solutions directly from the industry’s cellular standards body, the GSMA (which knows about the issue). Piercer would require the carriers to step in. Thankfully, you probably won’t see this in the wild when the researchers are keeping the exact methods a secret. It’s still concerning, though, and could prove dangerous if someone independently develops attacks before there are defenses in place.