Numerous security vulnerabilities in the firmware implementation of 5G mobile network modems from well-known chipset manufacturers, including MediaTek and Qualcomm, affect hundreds of Android and iOS smartphone models in addition to USB and Internet of Things modems.

Ten of the fourteen vulnerabilities—collectively dubbed 5Ghoul, a mashup of “5G” and “Ghoul”—affect 5G modems made by the two businesses; three of these have been categorized as high-severity vulnerabilities.

In a paper released today, the researchers stated that “5Ghoul vulnerabilities may be exploited to continuously launch attacks to drop the connections, freeze the connection that involves manual reboot or downgrade the 5G connectivity to 4G.”

The attacks, in a nutshell, attempt to deceive a smartphone or a 5G-enabled device into connecting to a rogue base station (gNB), resulting in unintended consequences.

To achieve this, a threat actor can use applications such as Cellular-Pro to ascertain the readings of the Relative Signal Strength Indicator (RSSI) and deceive the user equipment into connecting to the adversarial station. This adversarial station consists of a software-defined radio and an affordable mini PC, among other components.

“Finding issues in the implementation of the 5G modem vendor heavily impacts product vendors downstream,” the investigators stated, adding that “it can often take six or more months for 5G security patches to finally reach the end-user via an OTA update.”

“This is because the software dependency of product vendors on the Modem / Chipset Vendor adds complexity and hence delays to the process of producing and distributing patches to the end-user.”
