One of these, Piercer, lets you determine the unique IMSI number attached to a user. on a 4G network An IMSI-Cracking attack can guess the IMSI number through brute force on both 4G and 5G. This makes it possible to snoop on calls and location info through devices like Stingrays even if you have a brand new 5G handset. Torpedo can also insert or block messages like Amber alerts.

The vulnerabilities potentially affect most any 4G or 5G network in the world, although the degree varies widely. All four of the largest US carriers (AT&T, Sprint, T-Mobile and Engadget parent Verizon) are susceptible to Torpedo, while one unnamed network could also fall prey to Piercer.

These aren't permanent flaws, although the fixes will take some time. Torpedo and IMSI-Cracking would require solutions directly from the industry's cellular standards body, the GSMA (which knows about the issue). Piercer would require the carriers to step in. Thankfully, you probably won't see this in the wild when the researchers are keeping the exact methods a secret. It's still concerning, though, and could prove dangerous if someone independently develops attacks before there are defenses in place.