The 5G baseband security fortress has been breached, allowing hackers to silently spy on mobile phone users
IT House
2024-08-08 07:21Posted on the official account of Shandong IT Home
IT Home reported on August 8 that at the Black Hat Cybersecurity Conference held in Las Vegas on Wednesday, a research team from Pennsylvania State University announced the latest research results, finding a series of security vulnerabilities on multiple 5G basebands, which can be used to monitor users.
Source: IT Home is generated using Designer
Scope of influence
The research team, custom-designed an analysis tool called 5GBaseChecker, found vulnerabilities in the basebands produced by Samsung, MediaTek and Qualcomm that affect phones from brands such as Google, OPPO, OnePlus, Motorola and Samsung.
Research team
研究团队成员包括 Kai to、Ilu Dong、Abdullah Al Ishtiaq、Sayed MD Mukit Rashid、Veixuan Wang、Tianwei Wu 和 Sayed Rafiul Hussein,于本周三在 Github 上发布了 5GBeschüker,以便其他研究人员使用该工具来查找 5G 漏洞.
Vulnerability destructiveness
Assistant Professor Hussain says that a fake base station can be created and then tricked into connecting with a mobile phone using the aforementioned baseband, which can then spy on the mobile phone user without the other party knowing.
"To some extent, these vulnerabilities completely break the security mechanisms of 5G, and this surveillance can be silent," said student Tu.
Tu said that cyber attackers exploit these vulnerabilities to pretend to be friends of the victim and send credible phishing messages; or direct the victim to click on a malicious website on their mobile phone; Victims are tricked into providing their credentials on a fake Gmail or Facebook login page.
The researchers also stated that it is possible to downgrade victims from 5G to older protocols like 4G or older, making it easier to eavesdrop on victims' communications.
Fix the situation
The researchers said that most of the vendors they contacted had fixed the vulnerabilities. As of press time, researchers have reported fixes for 12 vulnerabilities in multiple 5G basebands.
Samsung spokesman Chris Langlois said in a statement that the company has "released software patches to affected smartphone vendors to address and address the issue."
MediaTek and Qualcomm did not respond to media requests for comment.
The reference address is attached to the IT House
View original image 107K
-
The 5G baseband security fortress has been breached, allowing hackers to silently spy on mobile phone users
![Agitated! The mortise and tenon craft will be on the moon "News Fast Food" for three minutes a day, taking you to a quick overview of the world[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)