
New Vulnerability In 4G and 5G Networks Could Allow Hackers To Trick Network Service Providers And Users Of Smartphones, Tablets And IoT Devices.





A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf.
The impersonation attack, named "IMPersonation Attacks in 4G NeTworks" (or IMP4GT), exploits the mutual authentication method that the mobile phone and the network's base station use to verify their respective identities, allowing data packets to be manipulated in transit.
"The IMP4GT attacks exploit the missing integrity protection for user data, and a reflection mechanism of the IP stack mobile operating system. We can make use of the reflection mechanism to build an encryption and decryption oracle. Along with the lack of integrity protection, this allows to inject arbitrary packets and to decrypt packets," the researchers explained.
The research was presented at the Network and Distributed System Security Symposium (NDSS) on February 25 in San Diego.
The vulnerability impacts all devices that communicate over LTE, which includes all smartphones, tablets, and IoT devices currently being sold in the market.

"The Bochum-based team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out," the researchers said. The flaws were responsibly disclosed to the telecom standards body GSM Association last May.

How does the IMP4GT attack work?
The researchers carried out the attacks using software-defined radios, which are devices that can read messages between a phone and the base station it's connected to. The man-in-the-middle attack, then, allows a hacker to impersonate a user towards the network and vice versa.
In other words, the attacker tricks the network into thinking the radio was, in fact, the phone (uplink impersonation), and also dupes the phone into assuming that the software-defined radio is the legitimate cell tower (downlink impersonation).

"The uplink impersonation allows an attacker to establish an arbitrary IP connection towards the Internet, e.g., a TCP connection to an HTTP server. With the downlink variant, the attacker can build a TCP connection to the UE," the researchers said.
It's to be noted that the adversary must be in close proximity (in the range of 2 km) to the victim's mobile phone to mount the IMP4GT attack. As a consequence, these attacks are no different from those that involve cell-site simulators such as IMSI catchers (aka stingrays) that are used by law enforcement agencies to intercept mobile phone traffic.
Once this communication channel is compromised, the next stage of the attack works by taking advantage of the missing integrity protection in the LTE communication standard to arbitrarily modify the data packets that are being exchanged.
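Why the missing integrity protection matters, as an added example that is not from the article or the researchers' paper: it assumes encryption is an XOR with a keystream and uses a SHA-256 based toy cipher as a constructed stand-in, showing that an encrypted packet can be altered in transit without the key and that a MAC over the ciphertext makes the receiver reject it. Keys, packet layout and function names are illustrative assumptions.

```python
import hashlib
import hmac

def keystream(key: bytes, count: int, length: int) -> bytes:
    # Constructed stand-in for a stream cipher: SHA-256 over key, packet counter, block index.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, count: int, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR with the keystream.
    return xor(data, keystream(key, count, len(data)))

def tag(int_key: bytes, count: int, ciphertext: bytes) -> bytes:
    # Integrity tag bound to the packet counter and the ciphertext.
    return hmac.new(int_key, count.to_bytes(4, "big") + ciphertext, hashlib.sha256).digest()

def receive(enc_key, int_key, count, ciphertext, mac=None):
    # mac=None models an encryption-only link: nothing is checked before decrypting.
    if mac is not None and not hmac.compare_digest(mac, tag(int_key, count, ciphertext)):
        return None  # altered packet is dropped
    return crypt(enc_key, count, ciphertext)

def modify_in_transit(ciphertext, offset, known, wanted):
    # XORing (known ^ wanted) into the ciphertext rewrites the plaintext; no key is needed.
    delta = xor(known, wanted)
    end = offset + len(delta)
    return ciphertext[:offset] + xor(ciphertext[offset:end], delta) + ciphertext[end:]

# Constructed sample values (documentation address range, made-up keys).
ENC_KEY, INT_KEY = b"constructed-enc-key", b"constructed-int-key"
PACKET = b"dst=192.0.2.10;payload=hello"

def demo():
    ct = crypt(ENC_KEY, 7, PACKET)
    mac = tag(INT_KEY, 7, ct)
    altered = modify_in_transit(ct, 4, b"192.0.2.10", b"192.0.2.99")
    return {
        "encryption_only": receive(ENC_KEY, INT_KEY, 7, altered),
        "with_integrity": receive(ENC_KEY, INT_KEY, 7, altered, mac),
        "untampered": receive(ENC_KEY, INT_KEY, 7, ct, mac),
    }

if __name__ == "__main__":
    print(demo())
```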

By forging the internet traffic, the attack could allow a hacker to make unauthorized purchases, access illegal websites, upload sensitive documents using the victim's identity, and even redirect the user to a malicious site, a different form of attack called "aLTEr attack."
"This attack has far-reaching consequences for providers and users," the researchers said in the paper. "Providers can no longer assume that an IP connection originates from the user. Billing mechanisms can be triggered by an adversary, causing the exhaustion of data limits, and any access control or the providers' firewall can be bypassed."
Moreover, "by doing so, we show that an attacker can bypass the provider's firewall mechanism, and the phone is open to any incoming connection. Such an attack is a stepping stone for further attacks, such as malware deployment."

What's the solution?
The disclosure of the IMP4GT attack comes on the heels of similar research undertaken by academics at Purdue University and the University of Iowa, which uncovered three new security flaws in 4G and 5G networks that can be used to eavesdrop on phone calls and track the locations of cell phone users.
The incoming 5G standard, which is being rolled out in a handful of countries, aims to offer faster speeds and long-needed security features, including protection from IMSI catchers. But with hundreds of millions of devices impacted by these flaws, it's imperative that 5G implementations apply more robust security and data protection to fix the vulnerabilities.
"Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission," David Rupprecht, one of the paper's co-authors, said. "In addition, all mobile phones would have to be replaced, and the base station expanded. That is something that will not happen in the near future."
While the scrutiny of the 5G standard has made it possible to catch and fix potential vulnerabilities before the 5G networks are widely deployed, the latest research is a sign that cellular network security needs further attention.
