Researchers from the University of Florida and North Carolina State University have identified 119 security vulnerabilities affecting LTE and 5G implementations, posing severe risks to cellular communication systems. These vulnerabilities span seven LTE implementations, including Open5GS, Magma, and Athonet, and three 5G implementations, such as Open5GS and OpenAirInterface. The vulnerabilities, assigned 97 unique CVE identifiers, can be exploited to disrupt city-wide cellular communications and potentially infiltrate the core network. This includes crashing critical components like the Mobility Management Entity (MME) or Access and Mobility Management Function (AMF) with minimal effort.
The flaws, revealed through a fuzzing exercise called RANsacked, target Radio Access Network (RAN)-Core interfaces, which handle inputs from mobile handsets and base stations. Some vulnerabilities involve buffer overflows and memory corruption, which attackers could use to monitor subscriber location and connection data or execute targeted attacks. Additionally, these exploits could allow adversaries to conduct malicious actions within the cellular core network. The findings highlight significant weaknesses in systems previously assumed to be secure.
Researchers categorized the vulnerabilities into two groups: those exploitable by any unauthenticated mobile device and those requiring access to a compromised base station or femtocell.
A notable 79 vulnerabilities were linked to MME implementations, 36 to AMF implementations, and four to SGW implementations. Twenty-five vulnerabilities facilitate Non-Access Stratum (NAS) pre-authentication attacks, allowing attackers to exploit network elements using arbitrary mobile devices. This demonstrates that unauthenticated devices can cause widespread service disruption.
The study emphasizes how emerging technologies like femtocells and gNodeB base stations have shifted the security landscape, exposing RAN equipment to adversarial threats. Previously, such equipment was locked down and assumed to be secure, but it is now vulnerable due to its accessibility. The research underscores the urgency of addressing these vulnerabilities to safeguard cellular networks against escalating risks and ensure the integrity of LTE and 5G infrastructures.