New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

December 08, 2023NewsroomVulnerability / Mobile Network


A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm affects USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

Of the 14 flaws – collectively called 5Ghoul (a combination of “5G” and “Ghoul”) – 10 affect 5G modems from the two companies, and three of those are classified as high-severity vulnerabilities.

“5Ghoul’s vulnerabilities can be exploited to continuously launch attacks to drop connections, freeze connections involving manual reboots, or downgrade 5G connectivity to 4G,” the researchers said in a study published today.

Around 714 smartphones from 24 brands were affected, including those from Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, realme, OnePlus, Huawei, ZTE, Asus, Sony, Meizu, Nokia, Apple, and Google.



The vulnerabilities were disclosed by a group of researchers from the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), who also previously disclosed BrakTooth in September 2021 and SweynTooth in February 2020.

The attacks, in short, try to trick a smartphone or another 5G-enabled device into connecting to a rogue base station (gNB), with unexpected consequences for the device.

“The attacker does not need to know any secret information of the target UE, for example SIM card details of the UE, to complete the registration in the NAS network,” the researchers explained. “The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameters.”


A threat actor can do this by using apps like Cellular-Pro to read the Relative Signal Strength Indicator (RSSI) values and trick the user equipment into connecting to the adversarial station (i.e., a software-defined radio paired with an inexpensive mini PC).

Notable among the 14 flaws is CVE-2023-33042, which could allow an attacker within radio range to trigger a 5G connectivity downgrade or a denial-of-service (DoS) in the firmware of Qualcomm’s X55/X60 modems by sending a malformed Radio Resource Control (RRC) frame to the target 5G device from the nearby malicious gNB.


Successful exploitation of other DoS vulnerabilities may require a manual reboot of the device to restore 5G connectivity.

Patches have been released by both MediaTek and Qualcomm for 12 of the 14 flaws. Details of the two other vulnerabilities are being withheld for confidentiality reasons and are expected to be disclosed in the future.

“Finding 5G modem vendor implementation issues has a significant impact on downstream product vendors,” the researchers said, adding that “it usually takes six or more months for 5G security patches to finally reach the end-user via OTA update.”

“This is because the reliance on Modem/Chipset Vendor software adds complexity and therefore delays the process of creating and distributing patches to end users.”
