5G networks are vulnerable to hacking

New research uncovers nearly a dozen more flaws in the next generation of mobile network

Security researchers from Purdue University and the University of Iowa have discovered nearly a dozen flaws in 5G network technology, which they say can track a victim's real-time location, create false emergency alerts, and discreetly disconnect phones from a 5G network altogether.

The researchers, using their tool called the "5GReasoner", found that 5G is still subject to some of the same exploits as 4G, despite touting a more "robust security posture" than previous cellular network generations.

The 5GReasoner discovered 11 new surveillance and disruption threats to the network by conducting a series of attacks against 5G-connected phones from a radio base station.

In one of these attacks, researchers obtained old and new temporary network identifiers of a victim's phone, which allowed them to track its location through its paging occasion. They could also broadcast fake emergency alerts by hijacking the paging channel, which could lead to "artificial chaos." Both real-time location tracking and false emergency alerts are vulnerabilities shared by 4G and 5G networks.

Another attack discovered a means to create a prolonged denial-of-service condition, which could completely disconnect a target's phone from the network for an extended period of time. It could also downgrade the phone to a less secure connection, leaving it open for law enforcement and other hackers to launch surveillance attacks.

According to one of the co-authors of the new research paper, Syed Rafiul Hussain, anyone with a working knowledge of 4G and 5G networks and a cheap software-defined radio can conduct these attacks.

Warnings over flaws in the Authentication Key Agreement in 5G first arose back in February, with the GSM Association (GSMA), which represents the global mobile communications industry, promising remedial action. The research, however, suggests they have yet to deliver.

The GSMA inducted the researchers into their mobile security hall of fame, but spokesperson Claire Cranton said the vulnerabilities uncovered were "judged as nil or low-impact in practice." The association gave no timeline or certain intention for rectifying the network's flaws.

Hussain told TechCrunch that while some of the fixes can be made in the existing network design, others will likely call for "a reasonable amount of change in the protocol."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021