Researchers from the Singapore University of Technology and Design have identified a series of security vulnerabilities in the firmware of 5G mobile network modems, collectively referred to as 5Ghoul. This set of flaws impacts devices using Qualcomm and MediaTek chips and may affect 5G modems in smartphones, CPE routers, and USB modems, potentially allowing threat actors to disrupt or manipulate connections, leading to issues such as manual reboots or downgrading 5G connectivity to 4G. The vulnerabilities expose 714 smartphones from 24 vendors, including Samsung, OnePlus, Oppo, Vivo, Xiaomi, Apple, and Google, to potential exploitation.
The 5Ghoul vulnerabilities are rooted in the implementation of 5G mobile network modems’ firmware from major chipset vendors, namely Qualcomm and MediaTek. Researchers disclosed a total of 14 vulnerabilities, with 10 affecting commercial off-the-shelf (COTS) edge devices using 5G modems from the mentioned vendors. The flaws could be exploited by attackers to deceive a 5G-enabled target device into connecting to a rogue base station, allowing them to manipulate or inject 5G NR Downlink Packets. This potentially enables disruptions such as blocking or freezing connections and downgrading 5G connectivity to 4G. The vulnerabilities impact 714 smartphones from 24 vendors, including major players like Samsung, OnePlus, Apple, and Google.
The vulnerabilities, collectively known as 5Ghoul, impact the firmware implementation of 5G mobile network modems from major chipset vendors Qualcomm and MediaTek. Researchers from the Singapore University of Technology and Design disclosed a total of 14 vulnerabilities, with 10 affecting commercial off-the-shelf (COTS) edge devices using 5G modems from the mentioned vendors. These vulnerabilities could be exploited by attackers to deceive a 5G-enabled target device into connecting to a rogue base station, enabling them to manipulate or inject 5G NR Downlink Packets, potentially causing disruptions such as blocking or freezing connections and downgrading 5G connectivity to 4G. The flaws impact 714 smartphones from 24 vendors, including major manufacturers like Samsung, OnePlus, Apple, and Google.
