During a recent event for network security experts, a team of researchers disclosed a set of vulnerabilities in mobile phone networks that affect the 4G and 5G LTE protocols.
In their paper, titled “Privacy violations against the 4G and 5G mobile phone protocols”, the experts said that the new attack variants could allow remote access to telecommunications while bypassing the security measures implemented in these protocols, including the possible use of IMSI catchers (like the well-known StingRay) to intercept mobile phone signals.
Now, network security specialists from the International Cybernetic Security Institute describe how these new attack variants are deployed:
– TORPEDO Attack
This attack exploits the paging protocol of mobile phones, allowing malicious users to track the location of the victim’s device. With this, the attackers can also inject specially crafted paging messages to cause denial-of-service (DoS) conditions.
If a device has no active communication with the network, it enters an idle mode to save battery. Before a call or message is delivered to the device, the network sends a paging message to notify it of the incoming call or message. This message also includes a value known as the Temporary Mobile Subscriber Identity (TMSI), which does not change frequently.
The network security specialists discovered that if an attacker places and hangs up calls repeatedly within a short time, the database updates the TMSI value more frequently than normal when the paging messages are sent. If an attacker detects these paging messages using an IMSI catcher, he can verify whether the victim is within a range where he can intercept the victim's communications.
The network security specialists say that the TORPEDO attack affects both the 4G and 5G protocols; they add that the attack was tested against mobile phone service providers in the United States and Canada.
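On the operator side, the trigger described above (many calls placed and hung up in quick succession toward one subscriber) is visible in call records. The following is an added example, not code from the researchers or from the original article; the record layout, the thresholds and the phone numbers are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed call records: (epoch_seconds, caller, callee, ring_seconds, answered)
SAMPLE_CDRS = [
    (1000, "+15550001", "+15559999", 2, False),
    (1008, "+15550001", "+15559999", 1, False),
    (1015, "+15550002", "+15559999", 2, False),
    (1021, "+15550001", "+15559999", 1, False),
    (1030, "+15550001", "+15559999", 2, False),
    (1044, "+15550001", "+15559999", 1, False),
    (1100, "+15550003", "+15558888", 25, True),   # normal answered call
    (1500, "+15550004", "+15558888", 3, False),   # single missed call
    (5000, "+15550001", "+15557777", 2, False),   # hang-ups spaced far apart
    (9000, "+15550001", "+15557777", 2, False),
]

def find_hangup_bursts(cdrs, window=60, threshold=5, max_ring=5):
    """Return {callee: (peak_count, sorted_callers)} for every callee that
    received at least `threshold` unanswered calls, each ringing for at most
    `max_ring` seconds, within any `window`-second span.
    The default thresholds are illustrative assumptions, not tuned values."""
    recent = defaultdict(deque)   # callee -> (timestamp, caller) still in window
    flagged = {}
    for ts, caller, callee, ring, answered in sorted(cdrs):
        if answered or ring > max_ring:
            continue              # only short, abandoned calls count
        q = recent[callee]
        q.append((ts, caller))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop calls that fell out of the window
        if len(q) >= threshold:
            prev_peak, prev_callers = flagged.get(callee, (0, []))
            callers = {c for _, c in q} | set(prev_callers)
            flagged[callee] = (max(prev_peak, len(q)), sorted(callers))
    return flagged

if __name__ == "__main__":
    for callee, (peak, callers) in find_hangup_bursts(SAMPLE_CDRS).items():
        print(f"{callee}: {peak} short abandoned calls in 60 s from {callers}")
```

Grouping by callee rather than by caller keeps the check effective when the calls come from several numbers.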
– IMSI cracking and PIERCER attacks
Besides what we mentioned earlier, the TORPEDO attack seems to enable two other attack variants, called IMSI cracking and PIERCER.
The PIERCER attack (Persistent Information Exposure by the Core Network) exists due to a design error and allows the attacker to link the victim's IMSI with their phone number.
“Some service providers use IMSI instead of TMSI in the paging messages to identify the devices with pending services”, said the experts in their document. “A manual test revealed that it is possible to give the service provider the impression that an exceptional case is occurring, which obliges it to reveal the IMSI to the victim”, concluded the experts.
With the victim's IMSI number, the attacker can launch other previously discovered attack variants, which could use IMSI catchers to gain full access to the victims' phone communications.