Researchers from Pennsylvania State University have unearthed alarming security vulnerabilities in 5G basebands, the core processors that enable mobile devices to connect to 5G networks. These vulnerabilities could potentially allow malicious actors to stealthily infiltrate devices and conduct surveillance on unsuspecting users.
The research team, led by assistant professor Syed Rafiul Hussain, developed a tool called 5GBaseChecker to identify these flaws. Their investigation revealed vulnerabilities in basebands from major manufacturers like Samsung, MediaTek, and Qualcomm, which are widely used in devices from popular brands such as Google, OPPO, OnePlus, Motorola, and Samsung.
The researchers demonstrated the severity of these vulnerabilities by successfully tricking vulnerable phones into connecting to a fake base station, effectively simulating a legitimate cell tower. This allowed them to launch various attacks, including a complete breach of 5G security, as reported by student researcher Kai Tu.
One particularly concerning attack involved exploiting the vulnerabilities to send deceptive phishing messages. These messages could be disguised to appear as if they were from a trusted contact, or they could redirect the victim’s phone to a malicious website designed to steal personal information.
Furthermore, the researchers were able to force a user’s phone to downgrade from 5G to older network generations like 4G or even 3G. This downgrade significantly weakens security protocols, making it easier for attackers to intercept calls and messages.
The research team responsibly disclosed their findings to the affected vendors, and many of the identified vulnerabilities have already been addressed. Samsung and Google have confirmed that they have rolled out fixes for the flaws affecting their devices. However, MediaTek and Qualcomm have not yet commented on the matter.
