5G networks are vulnerable to hacking

New research uncovers nearly a dozen more flaws in the next generation of mobile network

Security researchers from Purdue University and the University of Iowa have discovered nearly a dozen flaws in 5G network technology, which they say can track a victim's real-time location, create false emergency alerts, and discreetly disconnect phones from a 5G network altogether.

The researchers, using their tool called the "5GReasoner", found that 5G is still subject to some of the same exploits as 4G, despite touting a more "robust security posture" than previous cellular network generations.

The 5GReasoner discovered 11 new surveillance and disruption threats to the network by conducting a series of attacks against 5G-connected phones from a radio base station.

In one of these attacks, researchers obtained old and new temporary network identifiers of a victim's phone, which allowed them to track its location through its paging occasion. They could also broadcast fake emergency alerts by hijacking the paging channel, which could lead to "artificial chaos." Both real-time location tracking and false emergency alerts are vulnerabilities shared by 4G and 5G networks.

Another attack discovered a means to create a prolonged denial-of-service condition, which could completely disconnect a target's phone from the network for an extended period of time. It could also downgrade the phone to a less secure connection, leaving it open for law enforcement and other hackers to launch surveillance attacks.

According to one of the co-authors of the new research paper, Syed Rafiul Hussain, anyone with a working knowledge of 4G and 5G networks and a cheap software-defined radio can conduct these attacks.

Warnings over flaws in the Authentication Key Agreement in 5G first arose back in February, with the GSM Association (GSMA), which represents the global mobile communications industry, promising remedial action. The research, however, suggests they have yet to deliver.

The GSMA inducted the researchers into their mobile security hall of fame, but spokesperson Claire Cranton said the vulnerabilities uncovered were "judged as nil or low-impact in practice." The association gave no timeline or certain intention for rectifying the network's flaws.

Hussain told TechCrunch that while some of the fixes can be made in the existing network design, others will likely call for "a reasonable amount of change in the protocol."

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Six ways boards can step up support for cyber security
Business strategy

Six ways boards can step up support for cyber security

22 Jul 2021