A group of security flaws in the implementation of firmware in the 5G cellular network modems from chipset vendors like MediaTek and Qualcomm has badly affected the USB and iOT modems and many mobiles having iOS and Android systems.
There are total 14 flaws cumulatively called 5Ghaul. 10 falws are impacting 5G modems from two companies. High-severity vulnerabilities, have been assigned to 3 flaws.
According to one study published by an expert, “5Ghoul vulnerabilities may be exploited to continuously launch attacks to drop the connections, freeze the connection that involve manual reboot or downgrade the 5G connectivity to 4G,”
714 mobile phone models from 24 brands are affected, these include Asus, Sony, Meizu, Honor, Motorola, realme, Nokia, Apple, Google. Vivo, Xiaomi, OPPO, Samsung, OnePlus, Huawei, and ZTE.
The flaws were detected by the research group called ASSET (Automated Systems SEcuriTy) at the Singapore University of Technology and Design (SUTD). The group had already detected SweynTooth in February 2020 and BrakTooth in September 2021.
The flaws resulted in intended consequences by deceiving a mobile or a 5G-enabled device to connect a rogue base station (gNB).
“The attacker does not need to be aware of any secret information of the target UE e.g., UE’s SIM card details, to complete the NAS network registration,” the experts told. “The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameter.”
The main flaw from the 5Ghaul is CVE-2023-33042, which can allow the hacker to cause 5G connectivity downgrade by sending malformed Radio Resource Control (RRC) frame to attack a 5G mobiles from a fraud gNB.
The mobile restart is required to restore the 5G connectivity successully.
Read The Article A Legendary Comedian “Norman Lear” Is Dead At The Age OF 101