PIERCER and IMSI-Cracking Attacks
In addition, the ToRPEDO attack opens the door to two other new attacks, PIERCER and IMSI-Cracking, which lead to full recovery of the victim device's persistent identity (i.e., its IMSI).
The PIERCER (Persistent Information ExposuRe by the CorE netwoRk) attack, which exists because of a design flaw, enables an attacker to associate the victim device's unique IMSI with its phone number.
"Some service providers use IMSIs instead of TMSIs in paging messages to identify devices with pending services," the researchers explained. "A simple manual testing revealed that it is possible to give the service provider the impression that the exceptional case is occurring which forces it to reveal the victim’s IMSI."
According to the researchers, the ToRPEDO attack also enables an attacker who knows the victim's phone number to retrieve the victim's IMSI, on both 4G and 5G, by launching a brute-force attack.
With the IMSI in hand, attackers can launch previously discovered attacks, potentially allowing them to snoop on the victim's calls and location information using IMSI catchers such as Stingrays and DRTBox, even if the victim owns a brand-new 5G handset, which is why these attacks are a greater cause for concern.