5G networks are vulnerable to hacking

New research uncovers nearly a dozen more flaws in the next generation of mobile network

Security researchers from Purdue University and the University of Iowa have discovered nearly a dozen flaws in 5G network technology, which they say can track a victim's real-time location, create false emergency alerts, and discreetly disconnect phones from a 5G network altogether.

The researchers, using their tool called the "5GReasoner", found that 5G is still subject to some of the same exploits as 4G, despite touting a more "robust security posture" than previous cellular network generations.

The 5GReasoner discovered 11 new surveillance and disruption threats to the network by conducting a series of attacks against 5G-connected phones from a radio base station.

In one of these attacks, researchers obtained old and new temporary network identifiers of a victim's phone, which allowed them to track its location through its paging occasion. They could also broadcast fake emergency alerts by hijacking the paging channel, which could lead to "artificial chaos." Both real-time location tracking and false emergency alerts are vulnerabilities shared by 4G and 5G networks.

Another attack discovered a means to create a prolonged denial-of-service condition, which could completely disconnect a target's phone from the network for an extended period of time. It could also downgrade the phone to a less secure connection, leaving it open for law enforcement and other hackers to launch surveillance attacks.

According to one of the co-authors of the new research paper, Syed Rafiul Hussain, anyone with a working knowledge of 4G and 5G networks and a cheap software-defined radio can conduct these attacks.

Warnings over flaws in the Authentication Key Agreement in 5G first arose back in February, with the GSM Association (GSMA), which represents the global mobile communications industry, promising remedial action. The research, however, suggests they have yet to deliver.

The GSMA inducted the researchers into their mobile security hall of fame, but spokesperson Claire Cranton said the vulnerabilities uncovered were "judged as nil or low-impact in practice." The association gave no timeline or certain intention for rectifying the network's flaws.

Hussain told TechCrunch that while some of the fixes can be made in the existing network design, others will likely call for "a reasonable amount of change in the protocol."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021