Although 5G is faster and more secure than 4G, new research suggests it still has some vulnerabilities that put mobile phone users at risk. Security researchers at Purdue University and the University of Iowa have discovered nearly a dozen vulnerabilities that they say can be used to track victims’ locations in real time, walk deceptive emergency alerts, cause panic or quietly disconnect cell phones from 5G networks. In fact, 5G security is only relative to known attacks, such as protection against fragile 2G/3G cellular protocol attacks.
Research screenshots (sic PDF link)
However, new research has found that 5G networks still pose some risks or pose a threat to users’ privacy. To make matters worse, some of these new tools can also be used on 4G networks.
It is reported that the researchers extended their previous findings, creating a new tool called 5GReasoner and discovering 11 new vulnerabilities. By setting up a malicious radio base station, an attacker can monitor, destroy, or even attack a target.
In one attack experiment, the researchers successfully obtained old and new temporary network identifiers for the victim’s cell phone and then tracked their location. They even hijack pagers and broadcast false emergency alerts to victims.
If the vulnerability is exploited by someone with ulterior motives, it may lead to man-made chaos. Previously, researchers at the University of Colorado Boulder had identified similar vulnerabilities in the 4G protocol.
The second vulnerability is to create a “long-term” denial of service condition for a target phone from a cellular network.
In some cases, this flaw can be used to degrade cellular connections to older standards that are less secure. Law enforcement officials and capable hackers can launch surveillance attacks on target devices with the help of professional devices.
Syed Rafiul Hussain, one of the co-authors of the new paper, says all people with knowledge of 4G and 5G network practices and low-cost software radio skills can take advantage of these new attacks.
Given the sensitive nature of the vulnerability, the researchers did not publicly publish their proof-of-concept exploit code, but chose to report the matter directly to the GSMA Association.
Embarrassingly, despite the new research being approved by the GSMA Mobile Security Hall of Fame, spokeswoman Claire Cranton insists the vulnerabilities are as unlikely as they are to be exploited in practice. The GSMA has not yet released an exact timetable for when the repairs will begin.