A group of researchers say they have uncovered a series of security flaws in different 5G basebands — essentially processors used by cellphones to connect to mobile networks — which could have allowed hackers to stealthily hack victims and spy on them.
The researchers from Pennsylvania State University presented their findings at the Black Hat cybersecurity conference in Las Vegas on Wednesday, as well as an academic paper.
Using a custom-made analysis tool they called 5GBaseChecker, the researchers uncovered baseband vulnerabilities made by Samsung, MediaTek, and Qualcomm, which are used in phones made by Google, OPPO, OnePlus, Motorola, and Samsung.
The researchers are: Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain. On Wednesday, they released 5GBaseChecker on GitHub, so that other researchers can use it to hunt for 5G vulnerabilities.
Hussain, an assistant professor at Penn State, told TechCrunch that he and his students were able to trick phones with those vulnerable 5G basebands into connecting to a fake base station — essentially a fake cellphone tower — and from there launch their attacks.
Tu, one of the students, said that their most critical attack allowed them to exploit the phone from that fake base station. At that point, Tu said, “the security of 5G was totally broken.”
“The attack is totally silent,” Tu said.
Tu explained that by taking advantage of the vulnerabilities they found, a malicious hacker could pretend to be one of the victim’s friends and send a credible phishing message. Or by directing the victim’s phone to a malicious website, the hacker could trick the victim into providing their credentials on a fake Gmail or Facebook login page, for example.
The researchers were also able to downgrade a victim from 5G to older protocols like 4G or even older ones, making it easier to eavesdrop on the victim’s communications, said Tu.
The researchers said that most vendors they contacted have fixed the vulnerabilities. At the time of writing, the researchers identified and got patched 12 vulnerabilities in different 5G basebands.
Samsung told TechCrunch that it had “released software patches to affected smartphone vendors to address and resolve this matter,” while Google also confirmed it had fixed the bugs.
MediaTek and Qualcomm did not respond to a request for comment.