Researchers from the University of Pennsylvania at the Black Hat conference, which takes place in Las Vegas, demonstrated a method for tracking mobile device owners using baseband gaps in 5G.
Using the custom 5GBaseChecker tool, experts identified vulnerabilities in the baseband that are used by 5G modems from manufacturers such as Samsung, MediaTek and Qualcomm (used in Google, OPPO, OnePlus, Motorola and Samsung phones).
5GBaseChecker is currently available on GitHub, so other researchers have the opportunity to independently probe the mentioned vulnerabilities.
Syed Rafiul Hussain, an assistant professor at the University of Pennsylvania, told TechCrunch that he and his students were able to force the targeted phones to connect to a fake base station, which was the starting point of the attack.
Kai Tu, who participated in this experiment, said that when connecting to a fake base station, all security mechanisms are disabled. According to him, using the vulnerabilities found, an attacker can pretend to be one of the victim's friends and send a phishing message.
Or, by redirecting the victim's phone to a malicious website, the cybercriminal can trick the victim into giving out their credentials on a fake login page.
The researchers were also able to downgrade connectivity from 5G to older protocols, where many security issues remained. This downgrade makes it easier to intercept the victim's messages.
The researchers said that most of the vendors they contacted had fixed the vulnerabilities. At the moment, experts have fixed 12 gaps in different 5G bands. This was confirmed to TechCrunch by representatives of Samsung and Google.
Using the custom 5GBaseChecker tool, experts identified vulnerabilities in the baseband that are used by 5G modems from manufacturers such as Samsung, MediaTek and Qualcomm (used in Google, OPPO, OnePlus, Motorola and Samsung phones).
5GBaseChecker is currently available on GitHub, so other researchers have the opportunity to independently probe the mentioned vulnerabilities.
Syed Rafiul Hussain, an assistant professor at the University of Pennsylvania, told TechCrunch that he and his students were able to force the targeted phones to connect to a fake base station, which was the starting point of the attack.
Kai Tu, who participated in this experiment, said that when connecting to a fake base station, all security mechanisms are disabled. According to him, using the vulnerabilities found, an attacker can pretend to be one of the victim's friends and send a phishing message.
Or, by redirecting the victim's phone to a malicious website, the cybercriminal can trick the victim into giving out their credentials on a fake login page.
The researchers were also able to downgrade connectivity from 5G to older protocols, where many security issues remained. This downgrade makes it easier to intercept the victim's messages.
The researchers said that most of the vendors they contacted had fixed the vulnerabilities. At the moment, experts have fixed 12 gaps in different 5G bands. This was confirmed to TechCrunch by representatives of Samsung and Google.
