Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information

Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui Li, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

96 Scopus citations

Abstract

The cellular paging (broadcast) protocol strives to balance between a cellular device’s energy consumption and quality-of-service by allowing the device to only periodically poll for pending services in its idle, low-power state. For a given cellular device and serving network, the exact time periods when the device polls for services (called the paging occasion) are fixed by design in the 4G/5G cellular protocol. In this paper, we show that the fixed nature of paging occasions can be exploited by an adversary in the vicinity of a victim to associate the victim’s soft-identity (e.g., phone number, Twitter handle) with its paging occasion, with only a modest cost, through an attack dubbed ToRPEDO. Consequently, ToRPEDO can enable an adversary to verify a victim’s coarse-grained location information, inject fabricated paging messages, and mount denial-of-service attacks. We also demonstrate that, in 4G and 5G, it is plausible for an adversary to retrieve a victim device’s persistent identity (i.e., IMSI) with a brute-force IMSI-Cracking attack while using ToRPEDO as an attack sub-step. Our further investigation on 4G paging protocol deployments also identified an implementation oversight of several network providers which enables the adversary to launch an attack, named PIERCER, for associating a victim’s phone number with its IMSI; subsequently allowing targeted user location tracking. All of our attacks have been validated and evaluated in the wild using commodity hardware and software. We finally discuss potential countermeasures against the presented attacks.

Original languageEnglish (US)
Title of host publication26th Annual Network and Distributed System Security Symposium, NDSS 2019
PublisherThe Internet Society
ISBN (Electronic)189156255X, 9781891562556
DOIs
StatePublished - 2019
Event26th Annual Network and Distributed System Security Symposium, NDSS 2019 - San Diego, United States
Duration: Feb 24 2019Feb 27 2019

Publication series

Name26th Annual Network and Distributed System Security Symposium, NDSS 2019

Conference

Conference26th Annual Network and Distributed System Security Symposium, NDSS 2019
Country/TerritoryUnited States
CitySan Diego
Period2/24/192/27/19

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Cite this