- 5G phones can be silently downgraded to insecure 4G, leaving the device exposed
- The exploit works without setting up complex fake base stations
- Tested smartphones include Samsung, Google, Huawei and OnePlus flagship models
At the end of 2023, researchers discovered a set of flaws in the 5G modem firmware of the main chip manufacturers, including MediaTek and Qualcomm, collectively called 5Ghoul.
A group of academics from the Singapore University of Technology and Design (SUTD) has now demonstrated how 5G phones can be tricked into falling back to 4G networks through a method that avoids the need for a fake base station.
Instead, it targets a vulnerable stage of the communication between the phone and the tower, where critical messages remain unprotected.
The SNI5Gect toolkit, short for “Sniffing 5G Inject”, takes advantage of the small time window at the beginning of a connection attempt.
It targets the pre-authentication phase, when the data exchanged between the tower and the phone is still unencrypted.
Because of this gap, attackers can intercept and inject messages without knowing the phone's private credentials.
During this stage, the toolkit can capture identifiers sent by the tower and use them to read and modify messages.
With this access, the attacker can force a modem crash, fingerprint the device or trigger a 5G-to-4G downgrade.
Since 4G carries long-standing weaknesses, the forced downgrade leaves the target open to older tracking or location attacks.
The tests showed a success rate between 70% and 90% when attempted from about twenty meters away, suggesting that the method works under realistic conditions.
The academics tested the framework on several smartphones, including popular Samsung, Google, Huawei and OnePlus models.
In these cases, the researchers were able to intercept uplink and downlink traffic with remarkable accuracy.
It is important to note that the method avoids the complexity of setting up a rogue base station, something that has long limited practical attacks on mobile networks.
The GSM Association (GSMA) has since confirmed the problem and assigned it the identifier CVD-2024-0096, classifying it as a downgrade risk.
The team states that its toolkit is not intended for criminal use, but for further research into wireless security.
They argue that it could help with the development of packet-level detection and new forms of 5G protection.
Even so, the ability to crash devices or silently downgrade them raises questions about the resilience of current networks.
Although there are no clear reports of real-world abuse so far, the method is public and the software is open source, so the risk remains that skilled actors could adapt it.
Unfortunately, users have few direct options to block such low-level exploits, although broader digital hygiene can help limit downstream risks.
Running up-to-date antivirus software, securing credentials with a password manager and enabling an authenticator app for accounts can reduce the impact of secondary attacks that could follow a network downgrade.
Via The Hacker News