IoT Security

‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems

Researchers call attention to 14 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers.

Academic researchers from the ASSET Research Group at the Singapore University of Technology and Design are raising an alarm for more than a dozen vulnerabilities plaguing hundreds of smartphone models that employ specific 5G modems.

Collectively tagged as 5Ghoul, the 14 security defects can be exploited to drop and freeze 5G connections on smartphones and routers, and to conduct downgrading attacks, according to the research team. The majority of the flaws affect 5G modems from Qualcomm and MediaTek.

A typical exploit of the 5Ghoul vulnerabilities relies on a malicious base station (gNB) meant to ‘distract’ devices that employ vulnerable 5G modems into connecting to it. Once the connection is established, the flaws are exploited to target the devices’ connections, eventually forcing the users to manually reboot them.

“In practicality, 5Ghoul vulnerabilities can be easily exploited over-the-air by starting a malicious gNB within radio range of the target 5G UE device,” the researchers explained.

The attacker could use software-defined radio (SDR) equipment, which may be the size of a Raspberry Pi, to behave like a cloned gNB, making the attack stealthy.

The targeted flaws, 12 of which are new, were identified in the 5G baseband modem firmware, meaning that all products using the affected modems are vulnerable. The impact, however, varies depending on the type of product.

Most of the security holes impact the radio resource control (RRC) attach procedure, which contains the RRC connection setup message. The authentication procedure is also affected, with all 5Ghoul issues “found during the pre-authentication stage of the communication between UE and gNB,” according to a paper documenting the issues.

The vulnerabilities can be triggered via malformed RRC connection setup messages or crafted NAS authentication requests.


Patches for the 5Ghoul bugs are expected to reach Android smartphones this month. Vulnerabilities impacting Apple devices, however, will be addressed at another time.

Three of the bugs – CVE-2023-33042, CVE-2023-33043, and CVE-2023-33044 – were identified in Qualcomm modems. The chip maker mentioned them in its December 2023 security bulletin, warning that more than 70 chipset models are affected.

Seven of the flaws – CVE-2023-32842, CVE-2023-32844, CVE-2023-20702, CVE-2023-32846, CVE-2023-32841, CVE-2023-32843, and CVE-2023-32845 – impact MediaTek modems. In its December 2023 security bulletin, the company warned that more than 30 chipset models are affected.

The researchers estimate that more than 700 smartphone models are affected, with devices from Vivo (13.4%), Xiaomi (10.5%), Oppo (9.5%), Samsung (7.5%), and Honor (6.8%) being impacted the most. Roughly 1.7% of the affected devices are iPhones.

The academics also warn that the 5Ghoul vulnerabilities impact other types of devices that use the vulnerable 5G modems, including industrial IoT solutions such as Qualcomm’s 315 5G IoT modem.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.

