Researchers have uncovered a series of security flaws in 5G basebands, the processors that connect cell phones to mobile networks, which could have allowed hackers to spy on users without detection.
The vulnerabilities were revealed during the Black Hat cybersecurity conference in Las Vegas recently, where a team from Pennsylvania State University presented their findings and published an academic paper.
According to a statement, the researchers identified security weaknesses in basebands developed by Samsung, MediaTek, and Qualcomm using a custom-built tool called 5GBaseChecker.
These processors were found in devices from major brands such as Google, OPPO, OnePlus, Motorola, and Samsung.
To aid further research into 5G vulnerabilities, the researchers released 5GBaseChecker on GitHub, making the tool available to other cybersecurity researchers.
GitHub is a popular platform for version control and collaboration, primarily used for software development.
An assistant professor at Penn State, Syed Hussain, shared with TechCrunch that he and his team managed to deceive phones with vulnerable 5G basebands into connecting to a counterfeit base station—essentially a fake cellphone tower—which allowed them to execute their attacks.
One of the students involved in the research, Kai Tu, noted that their most significant attack enabled them to exploit the phone via the fake base station.
“The security of 5G was completely compromised,” Tu said, describing the attack as “totally silent.”
Tu further explained that attackers exploiting these vulnerabilities could impersonate a victim’s contact and send a convincing phishing message.
Alternatively, they could direct the victim’s phone to a fraudulent website, tricking the victim into entering their credentials on a fake Gmail or Facebook login page.
The researchers also demonstrated the ability to force a victim’s phone to downgrade from 5G to older protocols like 4G, which could facilitate easier eavesdropping on the victim’s communications, according to Tu.
The researchers reported that most of the vendors they contacted have addressed these vulnerabilities. As of their latest update, they had identified and patched 12 different vulnerabilities in various 5G basebands.
The Executive Vice Chairman of the Nigerian Communications Commission, Dr Aminu Maida, recently highlighted that advancements in network technology, such as 5G and 6G, elevate the risk of cyberattacks.
“While we examine the current 5G landscape, which presents a wider attack surface due to the increased number of connected devices and denser network infrastructure, it’s crucial to also consider the future implications,” he stated.
In 2023, GSMA, the global association representing telecom operators, reported that 5G is likely to face heightened cyber threats due to its faster data speeds and reduced latency.