Information has recently been publicly disclosed about serious vulnerabilities in the firmware of 5G modems that affect products from leading chipset manufacturers such as MediaTek and Qualcomm. These vulnerabilities threaten not only USB and IoT modems but also numerous Android and iOS smartphones.
A group of researchers has uncovered 14 vulnerabilities, collectively known as “5Ghoul” (a combination of “5G” and “Ghoul”). Of these, 10 affect 5G modems from MediaTek and Qualcomm, and three of them are classified as highly serious.
Of particular concern, according to the study, is that the “5Ghoul” vulnerabilities can be exploited to launch attacks that disrupt the connection, freeze it until the device is manually rebooted, or downgrade the 5G connection to 4G.
A total of 714 smartphone models from 24 different brands are at risk, including Vivo, Xiaomi, Oppo, Samsung, Honor, Motorola, Realme, OnePlus, Huawei, ZTE, Asus, Sony, Meizu, Nokia, Apple, and Google.
The researchers who discovered these security vulnerabilities belong to the ASSET Research Group at the Singapore University of Technology and Design. They previously identified the BrakTooth vulnerabilities in September 2021 and the SweynTooth vulnerabilities in February 2020.
The attacks primarily involve tricking smartphones or other 5G devices into connecting to a malicious base station. The researchers explain that attackers do not need any secret information about the target equipment, such as SIM card details; they only need to imitate the operation of a legitimate base station.
List of “5Ghoul” vulnerabilities:
- CVE-2023-33042: This key vulnerability enables attackers within radio range to degrade 5G connectivity or cause a denial of service in the firmware of the Qualcomm X55/X60 modem by sending a malformed radio resource control (RRC) frame to the target 5G device.
Other denial-of-service vulnerabilities may require a manual device reboot to restore 5G connectivity.
Patches for 12 out of the 14 identified vulnerabilities have already been released by MediaTek and Qualcomm. Information regarding the remaining two