According to The Hacker News, there are new cyber threats on the attack, the most insidious, being a torpedo hit. “Torpedo” stands for “TRacking via Paging mEssage DistributiOn.”
Spammers have figured out a way to tap into a 4G or 5G LTE phone that is currently in idle mode. Prior to receiving a call or text message, your phone is paged by the cellular network to let the phone know that a message is arriving.
The paging system uses an ID mechanism, TMSI (Temporary Mobile Subscriber Identity) that identifies the recipient and is a fixed value.
An attacker who is monitoring transmissions can “sniff” out a recipient by latching on to the TMSI. The victim is then vulnerable to receiving false text messages and denial-of-service attacks. In addition, researchers found that, “If the attacker is aware of the victim’s often-visited locations, then the attacker can set up sniffers on those locations to create the victim’s cell-level mobility profile.” A savvy attacker can even take over an entire paging channel by tracking back repeated contacts from the compromised phone.
Similar to a TMSI tag, an IMSI (International Mobile Subscriber Identity) is a unique identity code. The victim of a PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack could have their phone number hijacked by a third party whose phone number piggybacks on the victim’s IMSI.
February 28, 2019