Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say


A group of researchers say they have uncovered a series of security flaws in different 5G basebands — essentially processors used by cell phones to connect to mobile networks — which could have allowed hackers to stealthily hack victims and spy on them. 

The researchers from Pennsylvania State University presented their findings at the Black Hat cybersecurity conference in Las Vegas on Wednesday, as well as in an academic paper. 

Using a custom-made analysis tool they called 5GBaseChecker, the researchers uncovered vulnerabilities in basebands made by Samsung, MediaTek, and Qualcomm, which are used in phones made by Google, OPPO, OnePlus, Motorola, and Samsung.

The researchers are Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain. On Wednesday, they released 5GBaseChecker on GitHub so that other researchers can use it to hunt for 5G vulnerabilities. 

Hussain, an assistant professor at Penn State, told TechCrunch that he and his students were able to trick phones with those vulnerable 5G basebands into connecting to a fake base station — essentially a fake cell phone tower — and from there launch their attacks. 

Tu, one of the students, said that their most critical attack allowed them to exploit the phone from that fake base station. At that point, Tu said, “the security of 5G was totally broken.”

“The attack is totally silent,” Tu added. 

Tu explained that by taking advantage of the vulnerabilities they found, a malicious hacker could pretend to be one of the victim’s friends and send a credible phishing message. Or by directing the victim’s phone to a malicious website, the hacker could trick the victim into providing their credentials on a fake Gmail or Facebook login page, for example. 

The researchers were also able to downgrade a victim from 5G to older protocols like 4G or even older ones, making it easier to eavesdrop on the victim’s communications, said Tu. 

The researchers said that most vendors they contacted have fixed the vulnerabilities. At the time of writing, the researchers had identified 12 vulnerabilities in different 5G basebands and had them patched.

Samsung spokesperson Chris Langlois said in a statement to TechCrunch that the company had “released software patches to affected smartphone vendors to address and resolve this matter,” while Google spokesperson Matthew Flegal also confirmed that the flaws were now fixed.

MediaTek and Qualcomm did not respond to a request for comment. 




Lisa Holden