Communication companies claim that new 5G networks could be up to a hundred times faster than current wireless networks. This speed would also reduce or eliminate latency (i.e., the time between instructing a computer to perform a task and its execution). As a result, there will be demand for and capability for more and more devices to be connected to the Internet. Great news? Yes, but…
With many more devices connected, this new super-connected world will be more susceptible to cyberattacks, creating more opportunities for hackers to disrupt our daily lives. “5G is not just for refrigerators,” says Robert Spalding, the senior director for strategic planning at the National Security Council. “It’s farm implements, it’s airplanes, it’s all kinds of different things that can actually kill people, or that allow someone to reach into the network and direct those things to do what they want them to do. It’s a completely different threat that we’ve never experienced before.”
There are vulnerabilities in the 4G network that will likely be carried over to the new 5G network, although the 5G standard was specifically designed to protect against attacks. “We were really surprised that though 5G promises enhanced security and privacy, it cannot guarantee that level, because it inherits many security policies and subprotocols from the previous generations, which are more error-prone,” says Purdue University’s Syed Rafiul Hussain, one of the researchers and authors of a paper on security flaws in 4G and 5G. “It opens the door for an adversary to exploit these weaknesses.”
One of the vulnerabilities the researchers identified and named “Torpedo” allows hackers to track targets by making a quick series of phone calls to a victim’s device to evaluate the paging protocol communications. Although there are protections built in to 4G and 5G, attackers can get around them by spotting patterns in the paging messages that reveal where the device is located.
That is just the beginning, as hackers can then add or block messages or even learn the victim’s International Mobile Subscriber Identity (IMSI) number. “Once a user’s IMSI is exposed, an adversary can carry out more sophisticated attacks including tracking the location and intercepting phone calls and SMS messages of the user,” Hussain says. “Average consumers are at the risk of exposing their privacy to malicious third parties who sell location data and other private information.”
