Researchers in Singapore discovered vulnerabilities in 5G modems produced by Qualcomm and MediaTek, which have left 714 5G phones open to a “5Ghoul attack.” This attack includes 14 vulnerabilities, with 10 being publicly disclosed, and the remaining four kept undisclosed due to security reasons. The result of the attacks could lead to mobile 5G services being frozen or temporarily dropped on a smartphone, or downgraded from 5G to 4G.
The 5Ghoul attack requires a phone to connect to a rogue 5G base station, as researchers Garbelini, Shang, Luo, Chattopadhyay, Sun, and Kurniawan have stated. The vulnerabilities related to 5G modems from Qualcomm and MediaTek are confirmed to have “high severity.”
Furthermore, the researchers discovered 714 5G smartphones in the marketplace that were affected by the vulnerabilities. However, the number could be even higher as firmware code is often shared across different modem versions. The vulnerabilities are easy to exploit over the air and do not require the attacker to know any information from the user’s SIM card.
To launch the exploit code, the targeted 5G handset needs to connect to a rogue 5G base station. Despite not having information from the target’s SIM card, the attack proceeds and opens a window of opportunities to launch attacks during the 5G NR procedures.
Qualcomm and MediaTek revealed the vulnerabilities in their respective December security bulletins, with device vendors receiving the updates containing appropriate patches two months ago. However, due to the fragmentation of Android, it may take some time for all affected Android phones to be patched. Additionally, some older phones will never get patched since they will lose support before the update is released.