A set of 5G modem vulnerabilities known as 5Ghoul has exposed numerous devices built on MediaTek and Qualcomm connectivity hardware to security risks.
Following a responsible disclosure period, researchers from the Singapore University of Technology and Design first published details of the vulnerabilities after the two chipmakers revealed information on 5Ghoul in their December advisories.
Mobile phones, USB modems, and customer-premises equipment (CPE) routers could all be vulnerable to the long list of flaws found so far.
How Safe Are The 5G Gadgets?
The researchers have so far discovered twelve new vulnerabilities on top of the two that they had already found. Ten of those affect Qualcomm and MediaTek 5G modems, which in turn affects over 710 distinct smartphone models, including well-known iPhone models.
Moreover, three of the ten vulnerabilities affecting Qualcomm and MediaTek modems have been classified as high severity.
Hostile actors could use the flaws to deceive a 5G-capable device into connecting to a rogue base station. The researchers stated, “The target UE will connect to the adversarial gNB once the attacker is close enough to the target [user equipment—UE] and the adversarial gNB’s Received Signal Strength Indicator (RSSI) is higher than the legitimate gNB.”
The paper further states that to finish the NAS network registration, the attacker does not need to know any private information about the target UE, such as the SIM card details. The attacker only needs to mimic the authentic gNB using the given cell tower connection characteristics (e.g., SSB ARFCN, Tracking Area Code, Physical Cell ID, Point A Frequency).
Qualcomm and MediaTek have already fixed many of the vulnerabilities; however, the fixes have not yet reached many end customers. According to the report, an Android fix is expected this month, but iPhone owners may have to wait until 2024.