“The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as ‘stingrays,'” Whittaker reports. “But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users.”
“The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location,” Whittaker reports. “Torpedo opens the door to two other attacks… [that put] even the newest 5G-capable devices at risk from stingrays…”
Read more in the full article here.
MacDailyNews Take: The good news is that the flaws have been reported to the GSMA and carriers, who can now fix the issues for shore up security.