Security News > 2020 > February > Mobile Networks Vulnerable to IMP4GT Impersonation Attacks
A group of researchers at Ruhr-Universität Bochum and NYU Abu Dhabi have discovered a new attack on 4G and 5G mobile networks that can be used to impersonate users.
In IMP4GT attack, the researchers explain in a whitepaper, the impersonation can be conducted on either the uplink direction or the downlink direction.
While the technical characteristics of the attack are comparable to IMSI catchers/stingrays, in the case of IMP4GT, the relay actively sends data to the network and also operates as a man-in-the-middle, and the attacker impersonates a victim or network - classical IMSI catchers try to identify and localize the victim.
The researchers, who contacted the GSMA last year to report the discovery, say that all network vendors are equally vulnerable and that their attack works on some 5G networks as well.
The vulnerability could be addressed in the now-rolling-out 5G networks by implementing mandatory user-plane integrity protection, but that would require higher costs for network operators - the additional protection would generate more data during transmission - and the replacing of current mobile phones.