Security flaw of “high severity” discovered in 5G Qualcomm chips

Recent research by Dr. Matheus E. Garbelini, a PhD graduate student at the Singapore University of Technology and Design (SUTD), revealed security flaws that could have knocked out 5G connections for roughly 59% of mobile phones worldwide.

The vulnerabilities, tracked as CVE-2023-33044, CVE-2023-33043, and CVE-2023-33042, are in Qualcomm 5G chips used in well-known phone models. Up to 714 models across 24 smartphone brands are affected, including Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, realme, OnePlus, Huawei, ZTE, Asus, Sony, Meizu, Nokia, Apple, and Google.

Garbelini and his colleagues tested Qualcomm’s chips for firmware bugs using a technique called wireless fuzzing. The team also includes Zewen Shang, a PhD candidate at SUTD; Assistant Professor Sudipta Chattopadhyay of the SUTD research group; and Drs. Sumei Sun and Ernest Kurniawan from the Institute for Infocomm Research (I2R) at the Agency for Science, Technology and Research (A*STAR).

The researchers found that a rogue standalone 5G base station (gNodeB) could trigger a denial-of-service (DoS) condition that causes the mobile phone to lose its 5G connection. The connection cannot be restored even after the attack has stopped; the only way to restore it is to manually restart the phone, which occasionally requires removing and re-inserting the SIM card.

Since 5G is expected to be the next generation of wireless technology, these findings are important as the number of 5G smartphones being used rises. While there is currently no known defense against attacks that take advantage of these vulnerabilities, users should nevertheless keep their iOS and Android phones updated to the most recent versions of the software because the majority of security flaws are

A Qualcomm representative praised the SUTD team for their discovery, saying, “Qualcomm Technologies prioritizes developing technologies that strive to support robust security and privacy. We have collaborated with SUTD’s Matheus Garbelini and Sudipta Chattopadhyay to resolve the issues affecting certain 5G modems, and we applaud them for their use of coordinated disclosure practices. August 2023 saw the release of patches for OEMs, and we advise end users to install security updates as soon as they are released by device manufacturers.”

A new 5Ghoul attack affects 5G phones that use MediaTek and Qualcomm chips

A new set of vulnerabilities in Qualcomm and MediaTek 5G modems, dubbed “5Ghoul,” affects routers, USB modems, and 710 5G smartphone models from Google partners (Android) and Apple.

Researchers from a Singaporean university found 5Ghoul, a collection of 14 mobile communication system vulnerabilities, of which 10 have been made public and four have been kept secret for security-related reasons.

From a security perspective, the 5Ghoul attacks can range from brief service interruptions to network downgrades, which could be more serious.

The vulnerabilities were found by the researchers during their experimentation with 5G modem firmware analysis. They report that it is simple to take advantage of the flaws over the air by pretending to be a genuine 5G base station.

Because the attack takes place before the NAS authentication step, this holds even when the attacker has no information about the target’s SIM card.

According to the researchers’ website, “the attacker does not need to be aware of any secret information of the target UE, e.g., UE’s SIM card details, to complete the NAS network registration.”

“The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameters (e.g., SSB ARFCN, Tracking Area Code, Physical Cell ID, Point A Frequency).”

For a few thousand USD, one can accomplish the aforementioned tasks with open-source software for network analysis and fuzzing, a small PC, a software-defined radio (SDR), and various accessories such as cables, antennas, power supplies, etc.


