Research: 5G Networks Still Vulnerable to Location Tracking, Downgrading Attacks

A group of researchers found 11 flaws, several of which would expose a device’s location and when a user calls or sends texts.

While excitement is growing about the potential capabilities of 5G networks on a global scale, researchers are finding that the next generation of connectivity could come with some major security concerns.

During the Association for Computing Machinery’s Conference on Computer and Communications Security in London this week, researchers from Purdue University and the University of Iowa presented 11 security issues in 5G protocols, WIRED reported. Those design issues could have dire consequences for users, allowing hackers to expose a person’s location, track when a user makes calls or sends a text, and downgrade a device’s service to old data networks.

To identify the problems, the researchers used a new custom tool called 5GReasoner. Their research also led them to discover five vulnerabilities that already existed with 3G and 4G networks.

"Since many security features from 4G and 3G have been adopted to 5G, there is a high chance that vulnerabilities in previous generations are likely inherited to 5G, too,” Syed Rafiul Hussain, a postdoctoral security researcher at Purdue who led the study, told WIRED. “Additionally, new features in 5G may not have undergone rigorous security evaluation yet. So we were both surprised and not so surprised by our findings."

While many proponents of 5G say that it can protect phone identifiers and therefore prevent tracking attacks, Hussain and his colleagues found that downgrade attacks can easily bring a device on to an older network to get more information about a device and the user.

In addition, the researchers found that they could get around the latest security practice of giving networks a “Temporary Mobile Subscriber Identity,” or TMSI, that is changed periodically to prevent tracking. Flaws could allow hackers to override those resets or correlate the device’s old and news TSMIs, according to WIRED.

The findings were submitted to the standards body GSMA, which said that the scenarios described by the researchers have been “judged as nil or low-impact in practice.”

“We appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future," the standards group said in a statement.

Still, the research points out the continued issues in the 5G security framework, which include major risks of users having their locations tracked or their devices downgraded to older networks.

"The thing I worry about most is that attackers could know the location of a user," Hussain told WIRED. "5G tried to solve this, but there are many vulnerabilities that expose location information, so fixing one is not enough."

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.