Security Flaws in 5G Modems: Impact on USB, IoT, and Smartphone Connectivity

The implementation of 5G mobile network modems has come under scrutiny due to a collection of security flaws found in the firmware. These flaws affect major chipset vendors such as MediaTek and Qualcomm, impacting not only USB and IoT modems but also hundreds of smartphone models running Android and iOS. In this article, we will explore the vulnerabilities collectively known as 5Ghoul, their potential consequences, and the steps taken to mitigate the risks.

5G Security Vulnerabilities

The 5Ghoul vulnerabilities consist of 14 flaws, three of which have been classified as high-severity vulnerabilities. These vulnerabilities specifically affect the 5G modems produced by MediaTek and Qualcomm. While both vendors have released patches for 12 of the 14 flaws, it is crucial to understand the potential risks associated with these vulnerabilities.

Exploitation and Consequences

The 5Ghoul vulnerabilities can be exploited in various ways, leading to significant consequences for affected devices. Attackers can launch continuous attacks to drop connections or freeze the connection, requiring manual reboots. Furthermore, these vulnerabilities can even lead to the downgrading of 5G connectivity to 4G, impacting the user experience and potentially exposing sensitive information.

Smartphone models affected

The impact of these vulnerabilities is far-reaching, with as many as 714 smartphones from 24 different brands being affected. Popular brands like Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, and OnePlus are among those impacted. This highlights the widespread nature of the vulnerabilities and the need for immediate action.

Deception and rogue base stations

To exploit the 5Ghoul vulnerabilities, attackers attempt to deceive smartphones and 5G-enabled devices by connecting them to rogue base stations. This can be achieved by using apps like Cellular-Pro, which analyze the Relative Signal Strength Indicator (RSSI) readings. By manipulating these readings and utilizing a setup involving a software-defined radio and inexpensive mini PC, attackers can trick the user’s equipment into connecting to their malicious station.

Notable flaw: CVE-2023-33042

One of the most notable flaws among the 14 identified is CVE-2023-33042. This vulnerability allows an attacker within radio range to trigger a 5G connectivity downgrade or initiate a denial-of-service (DoS) attack within Qualcomm’s X55/X60 modem firmware. By sending malformed Radio Resource Control (RRC) frames to the target device from a nearby malicious gNB (base station), the attacker can disrupt the 5G connectivity and potentially compromise the device.

Other DoS vulnerabilities

In addition to CVE-2023-33042, there are several other DoS vulnerabilities that can impact the 5G connectivity of affected devices. Exploiting these vulnerabilities may require a manual reboot of the device to restore 5G connectivity. These vulnerabilities further underscore the importance of patching and mitigating the risks associated with flawed firmware implementations.

Patch releases

Both MediaTek and Qualcomm have responded promptly to the discovery of these vulnerabilities by releasing patches. As of now, patches have been made available for 12 out of the 14 flaws. It is essential for device manufacturers, service providers, and end-users to promptly apply these patches to ensure their devices are protected against potential attacks.

Implications for product vendors

The discovery of flaws in the implementation of 5G modems not only poses risks for chipset vendors like MediaTek and Qualcomm but also heavily impacts downstream product vendors. Smartphone manufacturers and other device makers must work in conjunction with chipset vendors to quickly address these vulnerabilities to maintain the integrity and security of their products.

The security flaws found in the firmware implementation of 5G mobile network modems are a cause for concern. The 5Ghoul vulnerabilities can lead to dropped connections, frozen connections, and even the downgrade of 5G connectivity to 4G. It is imperative for users, manufacturers, and service providers to remain vigilant and promptly apply the patches released by MediaTek and Qualcomm. By doing so, we can mitigate the risks associated with these vulnerabilities and ensure a safer and more secure 5G ecosystem for all.

Explore more

Ethereum Uses AI Swarms to Proactively Patch Network Flaws

The architectural integrity of global decentralized networks has reached a pivotal juncture where the speed of malicious exploitation often outpaces the traditional cadence of human-led security audits. To address this widening gap, The Ethereum Foundation has fundamentally transitioned its security strategy from a reactive model to an automated, proactive defense paradigm that leverages the power of machine learning. This shift

How Is ERP Modernization Driving DLA to Audit Readiness?

The Defense Logistics Agency currently manages an intricate global supply chain that serves as the backbone for the United States military, requiring an unprecedented level of financial precision and operational transparency to meet modern oversight requirements. This massive undertaking involves a transition from aging, siloed legacy systems to a unified Enterprise Resource Planning environment designed to provide real-time visibility into

What Makes Odyssey Infostealer a Global Threat to macOS?

The long-standing myth that macOS remains immune to sophisticated cyberattacks has been decisively shattered by the emergence of the Odyssey infostealer, a highly specialized malware variant engineered to bypass modern system integrity protections. This transition represents a fundamental shift in the threat landscape, where the historical security-by-obscurity advantage once enjoyed by Apple users has entirely vanished. As the adoption of

Can AI Secure Windows Without Compromising Stability?

The sheer scale of modern software development has reached a point where manual code review is no longer sufficient to protect the billions of devices running Windows across the globe. As lines of code multiply and interdependencies become more complex, traditional security measures are struggling to keep pace with the rapid evolution of sophisticated digital threats. In response to this

Xero Launches JAX to Redefine Accounting with Agentic AI

Small business owners have historically spent an exhausting amount of time tethered to spreadsheets and receipts, but the emergence of agentic AI is finally turning those static records into a living, breathing financial command center that operates with minimal human oversight. With more than five million global subscribers now integrated into its ecosystem, Xero is spearheading a movement toward Accountable