Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems

Researchers call attention to 14 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers.

Academic researchers from the ASSET Research Group at the Singapore University of Technology and Design are raising an alarm for more than a dozen vulnerabilities plaguing hundreds of smartphone models that employ specific 5G modems.

Collectively tagged as 5Ghoul, the 14 security defects can be exploited to drop and freeze 5G connections on smartphones and routers, and to conduct downgrading attacks, according to the research team. The majority of the flaws affect 5G modems from Qualcomm and MediaTek.

A typical exploit of the 5Ghoul vulnerabilities relies on a malicious base station (gNB) meant to ‘distract’ devices that employ vulnerable 5G modems into connecting to it. Once the connection is established, the flaws are exploited to target the devices’ connections, eventually forcing the users to manually reboot them.

“In practicality, 5Ghoul vulnerabilities can be easily exploited over-the-air by starting a malicious gNB within radio range of the target 5G UE device,” the researchers explained.

The attacker could use software defined radio (SDR) equipment, which may be the size of a Raspberry Pi, to behave like a cloned gNB, making the attack stealthy.

The targeted flaws, 12 of which are new, were identified in the 5G baseband modem firmware, meaning that all products using the affected modems are vulnerable. The impact, however, varies depending on the type of product.

Most of the security holes impact the radio resource control (RRC) attach procedure, which contains the RRC connection setup message. The authentication procedure is also affected, with all 5Ghoul issues “found during the pre-authentication stage of the communication between UE and gNB,” according to a paper documenting the issues.

The vulnerabilities can be triggered via malformed RRC connection setup messages or crafted NAS authentication requests.

Advertisement. Scroll to continue reading.

Patches for the 5Ghoul bugs are expected to reach Android smartphones this month. Vulnerabilities impacting Apple devices, however, will be addressed at another time.

Three of the bugs – CVE-2023-33042, CVE-2023-33043, and CVE-2023-33044 – were identified in Qualcomm modems. The chip maker mentioned them in its December 2023 security bulletin, warning that more than 70 chipset models are affected.

Seven of the flaws – CVE-2023-32842, CVE-2023-32844, CVE-2023-20702, CVE-2023-32846, CVE-2023-32841, CVE-2023-32843, and CVE-2023-32845 – impact MediaTek modems. In its December 2023 security bulletin, the company warned that more than 30 chipset models are affected.

The researchers estimate that more than 700 smartphone models are affected, with devices from Vivo (13.4%), Xiaomi (10.5%), Oppo (9.5%), Samsung (7.5%), and Honor (6.8%) being impacted the most. Roughly 1.7% of the affected devices are iPhones.

The academics also warn that the 5Ghoul vulnerabilities impact other types of devices as well, due to their use of vulnerable 5G modems. Industrial IoT solutions are also affected, such as Qualcomm’s 315 5G IoT modem.

Related: Qualcomm Patches Zero-Days Reported by Google

Related: Vulnerabilities in Qualcomm Chips Expose Billions of Devices

Related: Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.