The implementation of 5G mobile network modems has come under scrutiny due to a collection of security flaws found in the firmware. These flaws affect major chipset vendors such as MediaTek and Qualcomm, impacting not only USB and IoT modems but also hundreds of smartphone models running Android and iOS. In this article, we will explore the vulnerabilities collectively known as 5Ghoul, their potential consequences, and the steps taken to mitigate the risks.
5G Security Vulnerabilities
The 5Ghoul vulnerabilities consist of 14 flaws, three of which have been classified as high-severity vulnerabilities. These vulnerabilities specifically affect the 5G modems produced by MediaTek and Qualcomm. While both vendors have released patches for 12 of the 14 flaws, it is crucial to understand the potential risks associated with these vulnerabilities.
Exploitation and Consequences
The 5Ghoul vulnerabilities can be exploited in various ways, leading to significant consequences for affected devices. Attackers can launch continuous attacks to drop connections or freeze the connection, requiring manual reboots. Furthermore, these vulnerabilities can even lead to the downgrading of 5G connectivity to 4G, impacting the user experience and potentially exposing sensitive information.
Smartphone models affected
The impact of these vulnerabilities is far-reaching, with as many as 714 smartphones from 24 different brands being affected. Popular brands like Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, and OnePlus are among those impacted. This highlights the widespread nature of the vulnerabilities and the need for immediate action.
Deception and rogue base stations
To exploit the 5Ghoul vulnerabilities, attackers attempt to deceive smartphones and 5G-enabled devices by connecting them to rogue base stations. This can be achieved by using apps like Cellular-Pro, which analyze the Relative Signal Strength Indicator (RSSI) readings. By manipulating these readings and utilizing a setup involving a software-defined radio and inexpensive mini PC, attackers can trick the user’s equipment into connecting to their malicious station.
Notable flaw: CVE-2023-33042
One of the most notable flaws among the 14 identified is CVE-2023-33042. This vulnerability allows an attacker within radio range to trigger a 5G connectivity downgrade or initiate a denial-of-service (DoS) attack within Qualcomm’s X55/X60 modem firmware. By sending malformed Radio Resource Control (RRC) frames to the target device from a nearby malicious gNB (base station), the attacker can disrupt the 5G connectivity and potentially compromise the device.
Other DoS vulnerabilities
In addition to CVE-2023-33042, there are several other DoS vulnerabilities that can impact the 5G connectivity of affected devices. Exploiting these vulnerabilities may require a manual reboot of the device to restore 5G connectivity. These vulnerabilities further underscore the importance of patching and mitigating the risks associated with flawed firmware implementations.
Patch releases
Both MediaTek and Qualcomm have responded promptly to the discovery of these vulnerabilities by releasing patches. As of now, patches have been made available for 12 out of the 14 flaws. It is essential for device manufacturers, service providers, and end-users to promptly apply these patches to ensure their devices are protected against potential attacks.
Implications for product vendors
The discovery of flaws in the implementation of 5G modems not only poses risks for chipset vendors like MediaTek and Qualcomm but also heavily impacts downstream product vendors. Smartphone manufacturers and other device makers must work in conjunction with chipset vendors to quickly address these vulnerabilities to maintain the integrity and security of their products.
The security flaws found in the firmware implementation of 5G mobile network modems are a cause for concern. The 5Ghoul vulnerabilities can lead to dropped connections, frozen connections, and even the downgrade of 5G connectivity to 4G. It is imperative for users, manufacturers, and service providers to remain vigilant and promptly apply the patches released by MediaTek and Qualcomm. By doing so, we can mitigate the risks associated with these vulnerabilities and ensure a safer and more secure 5G ecosystem for all.