Researchers find various flaws in 5G networks, including tracking location

The flaws also spoof emergency alerts and could create fake chaos


Researchers in the U.S.have found a flaw in 5G-capable phones that could be used to track someone’s real-time location.

While 5G might not be coming to Canada until at least 2021, researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities that include spoofing emergency alerts, tracking location and even disconnecting a 5G-connected phone from the network silently.

Experts have indicated that the next iteration of mobile wireless networks is far more superior than that of its predecessor, 4G LTE. It is powerful enough to not be affected by what is known as “stingrays,” which is when hackers try to target older cellular networks like 2G and 3G.

The researchers, however, have found out that 5G has several weaknesses and that these can also be used to target phones on 4G networks, TechCrunch reported.

In their testing, they discovered that a hacker could create “a malicious radio base station” and “carry out several attacks against a target’s connected phone used for both surveillance and disruption.”

In one simulation, the researchers were able to obtain “both old and new temporary network identifiers of a victim’s phone,” which allowed the researchers to “discover the paging occasion, which can be used to track the phone’s location.” They were able to even “hijack the paging channel to broadcast fake emergency alerts.”

Researchers said this could lead to “artificial chaos,” especially when fake alerts are sent.

They also note that these flaws can easily be identified by anyone with a working knowledge of 4G and 5G networks along with low-cost software-defined radio.

The article indicated that the researchers plan to submit their findings to the GSM Association, the group that represents cell networks worldwide.

The GSM Association has recognized the research group, but has indicated that the vulnerabilities were “judged as nil or low-impact in practice.” A spokesperson said that these flaws might even help clear up ambiguity in the security standards that are still being put together and clarified.

Perhaps these flaws will be fixed in the network before it comes into Canada in the near future.

Source: TechCrunch