A team of researchers has revealed security vulnerabilities in various 5G basebands, the processors used by mobiles to connect to mobile networks. These flaws could potentially allow hackers to covertly infiltrate and spy on users.
The findings were presented by the Pennsylvania State University researchers at the Black Hat cybersecurity conference in Las Vegas on Wednesday, as well as in an academic paper. The researchers used a tool they developed called 5GBaseChecker to identify vulnerabilities in basebands from Samsung, MediaTek, and Qualcomm, which are found in devices from manufacturers like Google, OPPO, OnePlus, Motorola, and Samsung.
The research team includes Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain. On Wednesday, they made 5GBaseChecker available on GitHub to enable other researchers to identify similar 5G vulnerabilities.
According to Hussain, an assistant professor at Penn State, the researchers were able to trick phones with these vulnerable 5G basebands into connecting to a fake base station (a simulated cell tower), which gave them the foothold to launch their attacks. Tu, one of the students, said that their most severe attack could exploit the phone through this fake base station, leading to a complete breach of 5G security. “The attack is entirely silent,” Tu added.
Tu said that hackers could use such known vulnerabilities to send deceptive phishing messages that appear to come from the victim’s friend, or to redirect the victim’s phone to a malicious site, where further trickery might lead them to enter their credentials on a fake Gmail or Facebook login form. The researchers said they were also able to force a user’s phone to downgrade from 5G to 4G or even 3G, facilitating the interception of calls and messages. Most of the vendors contacted have already fixed the highlighted flaws; 12 vulnerabilities affecting a range of 5G basebands have been patched. Samsung and Google said the corresponding fixes have already been rolled out. MediaTek and Qualcomm did not comment.