ToRPEDO Privacy Attack on 4G/5G Networks Affects All U.S. Carriers
A team of researchers from the Purdue University and the University of Iowa have discovered major flaws in 4G and 5G mobile protocols that allow for three types of attacks with privacy-breaking consequences.
The central attack, dubbed ToRPEDO, allows attackers to obtain the phone number, location information and other data on victims, as well as to sent out fake paging messages and to carry out denial-of-service (DoS) attacks. The other two attacks, dubbed MSI-Cracking and PIERCER make it possible for threat actors to learn a victim’s unique International Mobile Subscriber Identity (IMSI) number, which can be used for location-tracking. The researchers state that “[a]ll of our attacks have been validated in realistic setting for 4G using cheap software-defined radio and open-source protocol stack.”