Three security flaws found in 4G and 5G networks could be used to intercept phone calls and track peoples’ location (via TechCrunch).
Torpedo, Piercer, IMSI
Three security researchers from Purdue University wrote a paper [PDF] on the flaws. The first flaw—Torpedo—takes advantage of a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through.
The research team found that if you place and cancel several phone calls in a short period of time, it can trigger a paging message without alerting the target’s phone of the incoming calls. This can be used to track the person’s location and spoof messages like Amber alerts.
Torpedo enables the two other attacks. One is called Piercer, and it lets the attacker find an International Mobile Subscriber Identity (IMSI) on 4G. Then, the IMSI-Cracking attack can brute force that number on 4G and 5G networks.
All four major carriers in the U.S. are affected by Torpedo, which can be carried out by equipment as cheap as US$200.