A group of researchers say they have discovered a series of security flaws in various 5G basebands (essentially the processors that phones use to connect to mobile networks) that could allow hackers to covertly hack victims and spy on them.
The Penn State researchers presented their findings, along with an academic paper, on Wednesday at the Black Hat cybersecurity conference in Las Vegas.
Using a custom-made analysis tool called 5GBaseChecker, the researchers found vulnerabilities in basebands made by Samsung, MediaTek and Qualcomm that are used in phones made by Google, OPPO, OnePlus, Motorola and Samsung.
The researchers are Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu and Syed Rafiul Hussain. On Wednesday, they released 5GBaseChecker on GitHub so other researchers can use it to hunt for 5G vulnerabilities.
Hussain, an assistant professor at Penn State, told TechCrunch that he and his students were able to connect phones with vulnerable 5G basebands to fake cell towers and launch the attack from there.
One of the students, Tu, said the most serious attack allowed them to compromise mobile phones through fake cell towers, at which point “5G security was completely breached.”
“The attack makes no noise at all,” Tu said.
Tu explained that the vulnerabilities he discovered could allow malicious hackers to send credible phishing messages pretending to be a friend of the victim, or they could direct the victim's phone to a malicious website, for example a fake Gmail or Facebook login page, tricking the victim into providing their credentials.
The researchers were also able to downgrade victims from 5G to 4G or older protocols, making it easier to eavesdrop on their communications, Tu said.
The researchers said that most of the vendors they contacted have fixed the vulnerabilities. At the time of writing, the researchers had identified and patched 12 vulnerabilities in various 5G basebands.
An anonymous Samsung spokesperson told TechCrunch that the company “has released software patches to affected smartphone vendors to address and resolve this issue,” while Google spokesperson Matthew Flegal also confirmed that the flaw had been fixed.
MediaTek and Qualcomm did not respond to requests for comment.