Flaw in 5G phones exposes millions of users to spying
A team of researchers from Pennsylvania State University has revealed a series of security vulnerabilities in 5G basebands, the processors that enable phones to connect to mobile networks. These flaws could potentially be exploited by cybercriminals to infiltrate and spy on victims covertly. The findings were presented at the Black Hat cybersecurity conference in Las Vegas and also published in an academic paper.
Custom tool uncovers vulnerabilities in 5G basebands
The research team, including Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain used a custom-made analysis tool named '5GBaseChecker.' This tool was instrumental in identifying vulnerabilities in basebands manufactured by Samsung, MediaTek and Qualcomm. These compromised basebands are found in smartphones produced by Google, OPPO, OnePlus, Motorola, and Samsung, among others.
Researchers demonstrate potential attacks using baseband flaws
The research team has made 5GBaseChecker available on GitHub for other researchers to use in their search for 5G vulnerabilities. Hussain, an assistant professor at Penn State University, revealed that he and his students were able to trick phones with these vulnerable 5G basebands into connecting with a fake base station. This connection served as a launchpad for their attacks.
Exploitation of 5G baseband flaws poses significant threat
Tu, a member of the research team, highlighted their most critical attack that allowed them to exploit the phone from the fake base station. He stated that "the security of 5G was totally broken." He further added that "the attack is totally silent." By exploiting these vulnerabilities, a malicious hacker could impersonate a friend of the victim and send a convincing phishing message or direct the victim's phone to a harmful website.
Researchers discover additional risks and potential eavesdropping
The researchers also discovered that they could downgrade a victim from 5G to older protocols like 4G or even older ones. This tactic made it easier for them to eavesdrop on the victim's communications. Most vendors contacted by the researchers have addressed these vulnerabilities. As of now, 12 vulnerabilities in different 5G basebands have been identified and patched.
Tech giants respond to 5G baseband security flaws
Samsung spokesperson Chris Langlois confirmed that the company had "released software patches to affected smartphone vendors to address and resolve this matter." Google's Matthew Flegal also confirmed that the flaws were now fixed. However, MediaTek and Qualcomm did not respond to a request for comment on these security issues. This industry response indicates a proactive approach toward addressing these newly discovered 5G baseband vulnerabilities.