Skip to Content
Security & privacy

Out of the gate, security flaws already found in 5G technology

Well, 5G, the next generation of cellular technology, is finally here and 5G-capable phones and networks are rolling out.

It promises faster speeds, wider coverage and low latency, meaning it will respond more quickly to requests. It is also aimed at delivering virtual-reality experiences and bringing more devices online, from sensors to robots to cars to smart-home gadgets.

Five-G is barely a few months old but researchers have already managed to poke security holes in it. Security researchers from Purdue University and the University of Iowa have discovered three new vulnerabilities in 5G, and even the current 4G technology, that can be used to track someone’s location, intercept phone calls and send fraudulent text messages.

New security flaws can affect both 4G and 5G

The most critical flaw is called Torpedo and it exploits a flaw in the paging system that notifies your phone of an incoming call or text.

Here’s how it’s supposed to work — if an attacker starts to cancel several calls in a short period, they can send a paging message without alerting your phone to a call. Not only will this allow them to track your phone’s location and spoof paging messages like Amber and Emergency alerts, but this can also expose your phone to two other attacks.

One attack is called Piercer and this allows attackers to determine your phone’s unique international mobile subscriber identity (IMSI) on a 4G network. The other one is called the IMSI-Cracking attack, and these allow attackers to brute-force encrypted IMSI numbers in both 4G and 5G networks.

5G-enabled phones vulnerable to hacks

The researchers say these flaws will put even the latest 5G-enabled phones at risk from Stingrays, the portable luggage-sized gadgets that law enforcement use to track someone’s real-time location and log all phones within its range. Some of the more advanced Stingrays can intercept calls and messages, the researchers added.

All four major U.S. cellular carriers – AT&T, Verizon, T-Mobile, and Sprint – are all affected by Torpedo, and get this: These attacks can be launched with radio equipment that costs as little as $200.

Additionally, one of the U.S cellular networks is vulnerable to Piercer attacks. The researchers have decided not to name the network at this time for security reasons. They are not releasing their proof-of-concept code at the moment, either.

How 5G problems will be fixed

The team has already reported the flaws to the GSMA, the international body that represents the interests of mobile operators worldwide.

In the meantime, cellular phone subscribers like you and me will have to wait for these companies to patch these flaws themselves. The Torpedo and IMSI-cracking flaws will have to be fixed by the GSMA first. Piercer’s fix, however, depends on the carriers.

At this point, a patch for Torpedo is the top priority since it’s a prerequisite for the two other attacks and we’re hoping that it’s coming sooner than later.

Click here to read the full research report.

Bonus podcast: The future may get here faster than we think, as the world races toward 5G wireless technology. 5G will be faster, revolutionary and could even fight terrorism?

In this Komando on Demand podcast, Kim looks at why 5G is both astonishing and dangerous.

Tap or click below to listen to this free Komando on Demand podcast!

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out