- 5G phones can be silently downgraded to less secure 4G, leaving the device exposed
- The attack works without deploying an expensive and complex rogue base station
- The smartphones tested include flagship models from Samsung, Google, Huawei and OnePlus
At the end of 2023, researchers disclosed a set of flaws in the 5G modem firmware of major chip manufacturers, including MediaTek and Qualcomm, collectively named 5Ghoul.
A group of academics from the Singapore University of Technology and Design (SUTD) has now shown how 5G phones can be tricked into falling back to 4G networks using a method that avoids the need for a fake base station.
Instead, it targets a vulnerable step in the exchange between the phone and the tower, where critical messages remain unencrypted.
The SNI5GECT toolkit, short for “sniff 5G inject”, exploits the small time window at the start of a connection attempt.
It targets the pre-authentication phase, when the data passing between the tower and the phone is not yet encrypted.
Because of this gap, attackers can intercept and inject messages without needing to know the phone's private identifying information.
During this stage, the system can capture the identifiers sent by the tower and use them to read and modify messages.
With such access, the attacker can crash the modem, fingerprint the device or trigger a switch from 5G to 4G.
Since 4G has had well-known weaknesses for a long time, the forced downgrade leaves the target open to older surveillance or location-tracking attacks.
Tests showed a success rate between 70% and 90% at a range of about twenty meters, suggesting that the method works under realistic conditions.
The academics tested the framework on several smartphones, including popular models from Samsung, Google, Huawei and OnePlus.
In these cases, the researchers were able to intercept both the uplink and the downlink with notable accuracy.
Above all, the method avoids the complexity of setting up a rogue base station, which has long limited practical attacks against mobile networks.
The GSM Association (GSMA) has since confirmed the problem and assigned it the identifier CVD-2024-0096, flagging it as a downgrade risk.
The team states that their toolkit is not intended for criminal use but for deeper research into wireless security.
They argue that it could help the development of packet-level detection and new forms of 5G protection.
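The article describes two things a defender can act on: the unprotected pre-authentication window at the start of a connection attempt, and the packet-level detection the researchers hope their work will encourage. The following is an added example written for this page, not code from the SUTD team or from the SNI5GECT project. It is a small heuristic detector that runs over a modem-side event log and flags any 5G (NR) connection attempt that ends with the phone being pushed to LTE before security activation completed. The event format, the window of 5 seconds, and the sample log are all constructed assumptions; the message names are ordinary 3GPP RRC/NAS message names, used here only as labels in the constructed log.

```python
# Added example (not from the article or the SNI5GECT project): a heuristic
# detector for "downgrade before security activation" on a modem event log.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ModemEvent:
    t: float          # seconds since capture start (constructed)
    direction: str    # "ul" = phone -> tower, "dl" = tower -> phone
    rat: str          # "NR" (5G) or "LTE" (4G)
    msg: str          # message name as logged (assumed log format)


# Once NAS/RRC security is activated, later control messages are
# integrity-protected, so a downgrade after this point is not "pre-auth".
SECURITY_ACTIVATED = {"SecurityModeCommand", "SecurityModeComplete"}

# Downlink messages that can legitimately move a phone off 5G; seen before
# any authentication they are the pattern the article warns about.
DOWNGRADE_MSGS = {"RRCRelease", "RegistrationReject"}


def find_suspicious_downgrades(events: List[ModemEvent],
                               window_s: float = 5.0) -> List[Dict]:
    """Return one finding per NR connection attempt in which the phone was
    moved to LTE (or told to leave NR) before security was activated and
    within `window_s` seconds of the attempt starting."""
    findings: List[Dict] = []
    attempt_start = None
    secured = False
    for ev in sorted(events, key=lambda e: e.t):
        if ev.rat == "NR" and ev.msg == "RRCSetupRequest":
            attempt_start, secured = ev.t, False     # new attempt begins
            continue
        if attempt_start is None:
            continue                                  # nothing in progress
        if ev.msg in SECURITY_ACTIVATED:
            secured = True                            # unprotected window over
            continue
        moved_to_lte = ev.rat == "LTE"
        told_to_leave = ev.direction == "dl" and ev.msg in DOWNGRADE_MSGS
        if (moved_to_lte or told_to_leave) and not secured \
                and ev.t - attempt_start <= window_s:
            findings.append({
                "attempt_start": attempt_start,
                "at": ev.t,
                "trigger": ev.msg,
                "delay_s": round(ev.t - attempt_start, 3),
            })
            attempt_start = None                      # one finding per attempt
    return findings


# Constructed sample log: one attempt rejected before any authentication,
# followed by a benign attempt that is redirected only after security setup.
SAMPLE_EVENTS = [
    ModemEvent(0.000, "ul", "NR", "RRCSetupRequest"),
    ModemEvent(0.012, "dl", "NR", "RRCSetup"),
    ModemEvent(0.020, "ul", "NR", "RRCSetupComplete"),
    ModemEvent(0.085, "dl", "NR", "RegistrationReject"),   # before any auth
    ModemEvent(0.300, "ul", "LTE", "RRCConnectionRequest"),
    ModemEvent(10.00, "ul", "NR", "RRCSetupRequest"),
    ModemEvent(10.01, "dl", "NR", "RRCSetup"),
    ModemEvent(10.02, "ul", "NR", "RRCSetupComplete"),
    ModemEvent(10.05, "dl", "NR", "AuthenticationRequest"),
    ModemEvent(10.06, "ul", "NR", "AuthenticationResponse"),
    ModemEvent(10.07, "dl", "NR", "SecurityModeCommand"),
    ModemEvent(10.08, "ul", "NR", "SecurityModeComplete"),
    ModemEvent(12.00, "dl", "NR", "RRCRelease"),           # after security
    ModemEvent(12.10, "ul", "LTE", "RRCConnectionRequest"),
]


def sample_without_reject() -> List[ModemEvent]:
    """Same log with the explicit reject removed: the detector should still
    flag the attempt from the bare move to LTE."""
    return [e for e in SAMPLE_EVENTS if e.msg != "RegistrationReject"]


if __name__ == "__main__":
    for f in find_suspicious_downgrades(SAMPLE_EVENTS):
        print("suspicious pre-auth downgrade:", f)
```

The detector deliberately keys on two independent signals, the downlink message that moves the phone off NR and the phone's own first LTE message, so that stripping or renaming the trigger message in the log does not hide the event. A real deployment would read modem diagnostic traces rather than this constructed list, and the window length would be tuned to the operator's normal registration timing.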
However, the possibility of crashing devices or silently downgrading them raises questions about the resilience of current networks.
Although no clear report of real-world abuse exists so far, the method is public and the software is open source, so the risk remains that skilled actors could adapt it.
Unfortunately, users have few direct options for blocking these low-level exploits, although broader digital hygiene can help limit downstream risks.
Still, running up-to-date antivirus software, securing credentials with a password manager and enabling an authenticator app for accounts can reduce the impact of secondary attacks that might follow a network downgrade.
Via hacking news