Published:

Over 700 Smartphone Models at Risk: Researchers Uncover 5G Network Vulnerabilities

Researchers at the Singapore University of Technology and Design have discovered vulnerabilities in 5G modems, affecting over 710 smartphone models from major manufacturers, enabling attackers to perform denial-of-service attacks. Qualcomm and Mediatek have provided security updates, but the patch distribution faces challenges, particularly for older or less expensive smartphone models within the Android ecosystem.

A team of researchers from the Singapore University of Technology and Design (SUTD) has identified multiple vulnerabilities in 5G modems used in over 710 smartphone models. This discovery, which affects devices from major manufacturers, has exposed a critical weakness in the infrastructure of the latest telecommunications technology.

The vulnerabilities, collectively termed “5Ghoul” by the researchers, were found in the 5G modems of two leading chipmakers, Qualcomm and Mediatek. Of the 14 vulnerabilities identified, ten are linked to these companies’ products, with three classified as high severity. The researchers have opted to withhold details of two vulnerabilities for security reasons.

These security gaps primarily enable attackers to execute denial-of-service (DoS) attacks. By exploiting these vulnerabilities, an attacker can disrupt the network connectivity of the targeted devices, causing the modems to crash and necessitating a complete device restart to regain 5G connectivity. The attack can be launched using a malicious 5G base station within the radio range of the target device, and it does not require any information about the victim’s SIM card. This is because the attack can be carried out before the completion of the NAS authentication process.

The scope of this issue is extensive, impacting 714 smartphone models from renowned brands such as Samsung, Oneplus, Oppo, Vivo, Xiaomi, Motorola, Sony, Asus, Huawei, Nokia, and LG. Notably, Qualcomm chips are found in 670 of these models, accounting for 94 percent of the affected devices.

According to a report by Bleeping Computer, Qualcomm and Mediatek had provided security updates to smartphone manufacturers two months prior to address these vulnerabilities. Both chipmakers have issued security bulletins naming the 5Ghoul vulnerabilities. However, the distribution of these updates poses a challenge, particularly within the Android ecosystem. Many users, especially those with older or less expensive smartphone models, may face delays in receiving the updates or might not receive them at all.

Bhasker Das
Bhasker Das
Bhasker Das, with a master's in Cybersecurity, is a seasoned editor focusing on online security, privacy, and protection. When not decrypting the complexities of the cyber world, Anu indulges in his passion for chess, seeing parallels in strategy and foresight.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream