We all know by now that 5G is faster than the current 4G we are using. However, new research shows it has numerous flaws as well, which could put smartphone users in danger.
Security researchers at Purdue University and the University of Iowa have discovered almost a dozen weaknesses in the 5G network. These flaws, they say, can be used to track a user’s real-time location, trick emergency alerts that can cause panic, or unknowingly detach a 5G-connected smartphone from the network completely.
Too Many Vulnerabilities
5G is also believed to be more secure than the 4G network, capable of resisting exploits used in target users of older network protocols such as 2G and 3G. However, the researchers’ discoveries clearly show that flaws sabotage the newer security and privacy measures in 5G.
Even worst, the researchers explained that some of the new attacks could also be carried on current 4G networks.
The researchers took their previous discoveries to the next level and built a new tool, known as the 5GReasoner, which was utilized to find 11 new 5G flaws. By designing a malicious radio base station, a hacker can perform numerous attacks against a victim’s connected smartphone utilized for surveillance and also disturbance.
In a single attack, the discoverers said they could get both old and new temporary network detectors of a victim’s smartphone, enabling them to identify the paging occurrence, which can be utilized to trace the device’s location, or even hijack the paging channel to enable fake emergency alerts.
This could conduct to fake chaos, the researchers explained, much alike to when an emergency alert sent by mistake said Hawaii was close to being hit by a ballistic missile as the nuclear tensions between the U.S. and North Korea were pretty high.
Second Batch of Findings
Another strike could be utilized to design an extended denial-of-service status against a victim’s smartphone from the cellular network.
In some instances, the vulnerabilities could be used to reduce a cellular connection to a not-so-secure condition, which makes it possible for law enforcement, as well as hackers, to run surveillance attacks on their victims.
All these new attacks can be performed by anyone with a bit of knowledge of 4G and 5G networks, and an affordable software-defined radio, Syed Rafiul Hussain, one of the researchers wrote in their new paper.
Considering the construct of the flaws, the researchers said they have no intent to release their prototype exploitation code for the wide public. Instead, they announced the GSM Association (GSMA), an inner-branch organization that represents cell networks all over the world, of their discoveries.
Even though the researchers were recognized by the organization’s mobile security pantheon, spokesperson Claire Cranton said the flaws were, in fact, ruled as ‘nil or low-impact in practice.’ The GSMA did not mention whether the flaws would be fixed, or give a time window for any patches. However, the spokesperson said the researchers’ discoveries might bring in clarifications to the status which is written vaguely.
The researchers proceeded to release the second batch of discoveries in as many weeks. The prior week, the team found numerous security vulnerabilities in the baseband protocol of renown Android smartphones, such as Huawei Nexus 6P and Samsung Galaxy S8 Plus. The flaws make these devices vulnerable to spying attacks on their users.