5G networks are vulnerable to hacking

New research uncovers nearly a dozen more flaws in the next generation of mobile network

Security researchers from Purdue University and the University of Iowa have discovered nearly a dozen flaws in 5G network technology, which they say can track a victim's real-time location, create false emergency alerts, and discreetly disconnect phones from a 5G network altogether.

The researchers, using their tool called the "5GReasoner", found that 5G is still subject to some of the same exploits as 4G, despite touting a more "robust security posture" than previous cellular network generations.

The 5GReasoner discovered 11 new surveillance and disruption threats to the network by conducting a series of attacks against 5G-connected phones from a radio base station.

In one of these attacks, researchers obtained old and new temporary network identifiers of a victim's phone, which allowed them to track its location through its paging occasion. They could also broadcast fake emergency alerts by hijacking the paging channel, which could lead to "artificial chaos." Both real-time location tracking and false emergency alerts are vulnerabilities shared by 4G and 5G networks.

Another attack discovered a means to create a prolonged denial-of-service condition, which could completely disconnect a target's phone from the network for an extended period of time. It could also downgrade the phone to a less secure connection, leaving it open for law enforcement and other hackers to launch surveillance attacks.

Advertisement
Advertisement - Article continues below

According to one of the co-authors of the new research paper, Syed Rafiul Hussain, anyone with a working knowledge of 4G and 5G networks and a cheap software-defined radio can conduct these attacks.

Warnings over flaws in the Authentication Key Agreement in 5G first arose back in February, with the GSM Association (GSMA), which represents the global mobile communications industry, promising remedial action. The research, however, suggests they have yet to deliver.

The GSMA inducted the researchers into their mobile security hall of fame, but spokesperson Claire Cranton said the vulnerabilities uncovered were "judged as nil or low-impact in practice." The association gave no timeline or certain intention for rectifying the network's flaws.

Hussain told TechCrunch that while some of the fixes can be made in the existing network design, others will likely call for "a reasonable amount of change in the protocol."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019