A team of academic experts has revealed a collection of vulnerabilities within various 5G basebands, or the central processing units for mobile communications in smartphones, that could have been exploited by cyber attackers to covertly infiltrate and monitor unsuspecting users.
This group, hailing from Pennsylvania State University, showcased their research at the Black Hat cybersecurity event in Las Vegas on Wednesday, accompanied by a scholarly document.
Employing a bespoke analytical tool they named 5GBaseChecker, the team discovered flaws within the basebands manufactured by Samsung, MediaTek, and Qualcomm, which are components of devices produced by Google, OPPO, OnePlus, Motorola, and Samsung.
The research team includes Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain. On Wednesday, they made 5GBaseChecker available on GitHub for the broader research community to assist in identifying 5G security issues.
Hussain, serving as an assistant professor at Penn State, conveyed to TechCrunch how he, along with his student group, succeeded in deceiving phones with the compromised 5G basebands to connect to an imitated base station, functioning as a fake cellular tower, which then became the launching pad for their attacks.
Tu, a student involved in the project, highlighted that their paramount attack could target the phone through this mock station, undermining the entire security framework of 5G at that juncture, describing the attack as completely covert.
Tu further elaborated that exploiting these discovered vulnerabilities could enable a hacker to impersonate a known contact of the victim to send believable phishing texts, or by rerouting the victim’s phone to a harmful site, they could coerce victims into divulging their personal login details on sham pages resembling Gmail or Facebook.
Additionally, Tu mentioned their capacity to degrade a victim’s phone connection from 5G to less secure, older network protocols like 4G, hence simplifying the process of intercepting the victim’s communications.
The researchers acknowledged that the majority of the affected manufacturers have since addressed these security issues, with a total of 12 identified and rectified vulnerabilities within various 5G basebands noted at the time of this report.
A representative from Samsung, preferring to remain anonymous, informed TechCrunch that they have disseminated software updates to smartphone manufacturers to mitigate these vulnerabilities, a sentiment echoed by Google spokesperson Matthew Flegal, who also confirmed the resolution of these flaws.
MediaTek and Qualcomm, when approached for comments, have yet to respond.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
