+44 800 689 5391 [email protected]

Despite a belief that the 5G standard would be the most secure yet, security holes have already been discovered in it.


Researchers have discovered security issues in the 4G and 5G standards which could let people listen in on your phone calls.


Digital Forensic disciplines such as Cell-Site Analysis are often used in Police Investigations to aid in convictions, these methods do not utilise methods of interception.


The team from the University of Iowa believe it is the first time that a security hole has been found in both the 4G standard and in 5G too.

Despite the increased security which 5G has been touted as providing, the academics say the protections aren’t good enough.

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said one of the researchers, Syed Rafiul Hussain, speaking to TechCrunch.

Three distinct flaws are being presented by the researchers at a network security symposium in San Diego this week.

For the flaws to be fixed, changes need to be made by the international GSM association for mobile communications companies.

New Delhi, INDIA: Chairman GSM Association (GSMA) Craig Ehrlich, (R), Indian Minister for Communication and Information Technology, Dayanidhi Maran (C) and Chairman and Group Managing Director Bharti Enterprises and Board Member GSMA, Sunil Bharti Mittal (L) listen to a speaker during a press conference in New Delhi, 13 June 2006. The GSM technology based mobile subscriber base has touched two billion in June making it the fastest growth of technology ever witnessed in the world. AFP PHOTO/Praka
Image:The GSM association is responsible for fixing the issues

The researchers told TechCrunch that they had reported the issues to GSM association but that they had not yet been fixed.

Mr Hussain said that the four major carriers in the US are affected by one of the attacks, which they nicknamed Torpedo.

It was not clear if the mobile providers in the UK are also affected, but there is no significant difference in the tech underpinning both countries’ mobile networks.

Following publication, a spokesperson for the GSM association said: “The GSMA has been made aware, through its Coordinated Vulnerability Disclosure (CVD) Programme, of a research paper highlighting a potential weakness in 4G and 5G cellular networks that could allow phone calls to be exploited.

“The GSMA is working with 3GPP to consider attack detection options, if the threat level warrants, and whether modifications could be made to the standards.

“The GSMA would like to clarify that there is no impact on 5G networks due to the original research being based on an early version of the standard that has since changed.

“This security enhancement illustrates how security levels continue to evolve and improve through standardisation.

The GSMA’s CVD process allows responsible researchers the opportunity to share findings and to contribute to the industry’s ongoing work to drive security improvements.”


A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users.

The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as “stingrays.” But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users.

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch in an email.

Hussain, along with Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa are set to reveal their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.

“Any person with a little knowledge of cellular paging protocols can carry out this attack… such as phone call interception, location tracking, or targeted phishing attacks.”Syed Rafiul Hussain, Purdue University

The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location. Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether, the researchers say.

Torpedo opens the door to two other attacks: Piercer, which the researchers say allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network; and the aptly named IMSI-Cracking attack, which can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.

That puts even the newest 5G-capable devices at risk from stingrays, said Hussain, which law enforcement use to identify someone’s real-time location and log all the phones within its range. Some of the more advanced devices are believed to be able to intercept calls and text messages, he said.

According to Hussain, all four major U.S. operators — AT&T, Verizon (which owns TechCrunch), Sprint and T-Mobile — are affected by Torpedo, and the attacks can carried out with radio equipment costing as little as $200. One U.S. network, which he would not name, was also vulnerable to the Piercer attack.

The Torpedo attack — or “TRacking via Paging mEssage DistributiOn. (Image: supplied)

We contacted the big four cell giants, but none provided comment by the time of writing. If that changes, we’ll update.

Given two of the attacks exploit flaws in the 4G and 5G standards, almost all the cell networks outside the U.S. are vulnerable to these attacks, said Hussain.  Several networks in Europe and Asia are also vulnerable.

Given the nature of the attacks, he said, the researchers are not releasing the proof-of-concept code to exploit the flaws.

It’s the latest blow to cellular network security, which has faced intense scrutiny no more so than in the last year for flaws that have allowed the interception of calls and text messages. Vulnerabilities in Signaling System 7, used by cell networks to route calls and messages across networks, are under active exploitation by hackers. While 4G was meant to be more secure, research shows that it’s just as vulnerable as its 3G predecessor. And, 5G was meant to fix many of the intercepting capabilities but European data security authorities warned of similar flaws.

Hussain said the flaws were reported to the GSMA,  an industry body that represents mobile operators. GSMA recognized the flaws, but a spokesperson was unable to provide comment when reached. It isn’t known when the flaws will be fixed.

Hussain said the Torpedo and IMSI-Cracking flaws would have to be first fixed by the GSMA, whereas a fix for Piercer depends solely on the carriers. Torpedo remains the priority as it precursors the other flaws, said Hussain.

The paper comes almost exactly a year after Hussain et al revealed ten separate weaknesses in 4G LTEthat allowed eavesdropping on phone calls and text messages, and spoofing emergency alerts.