Home Hackers could exploit major 5G baseband security flaw, researchers say

Hackers could exploit major 5G baseband security flaw, researchers say

tl;dr

  • Researchers from Pennsylvania State University found serious security vulnerabilities in 5G basebands that allow hackers to spy on mobile users.
  • They presented their findings at the Black Hat cybersecurity conference and published an academic paper detailing their methodology using "5GBaseChecker".
  • The tool detected 22 issues, including 13 exploitable vulnerabilities, with one severe flaw named "5G AKA Bypass" compromising global users' security.

Researchers from Pennsylvania State University have revealed serious security vulnerabilities in several 5G basebands, which could allow hackers to stealthily access and spy on mobile users. The findings were presented at the Black Hat cybersecurity conference in Las Vegas and detailed in an academic paper published Aug. 7.

The team developed a new tool named “5GBaseChecker” to detect flaws in basebands produced by major manufacturers such as Samsung, MediaTek, and Qualcomm. These basebands are used in popular smartphones from Google, OPPO, and OnePlus, to Motorola, and Samsung.

What is the 5GBaseChecker basebands tool?

In their paper, “Logic Gone Astray: A Security Analysis Framework for the Control Plane Protocols of 5G Basebands,” the analysts explained their methodology. “We develop 5GBaseChecker— an efficient, scalable, and dynamic security analysis framework based on differential testing for analyzing 5G basebands’ control plane protocol interactions,” they said. The tool uses black-box automata learning to model baseband behaviors, which can then pinpoint deviations in security properties that may signal vulnerabilities.

Their testing uncovered 22 implementation issues, including 13 exploitable vulnerabilities and two interoperability concerns.

The research group, which includes Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain, have made 5GBaseChecker available on GitHub to assist other researchers in identifying security flaws in 5G technologies.

Hussain, an assistant professor at Penn State, wrote in a post on X: “This automated and scalable security analysis framework unveiled 22 issues, with 13 exploitable ones in 17 5G basebands.”

One particularly startling discovery was the “5G AKA Bypass,” a severe vulnerability in a widely used 5G baseband that could let attackers intercept Internet data and send phishing SMS messages.

“The implications of this attack are profound; it affects users globally who utilize 5G devices with that particular baseband. This flaw violates the underlying security guarantees of 5G technology, leaving users’ security and privacy completely compromised,” the team explained.

Featured image: Ideogram

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.