A group of researchers has identified multiple security vulnerabilities in 5G basebands, the processors responsible for linking mobile phones to cellular networks, which may have enabled hackers to monitor users undetected.

These vulnerabilities were disclosed at the recent Black Hat cybersecurity conference in Las Vegas, where a team from Pennsylvania State University presented their research findings and published an academic paper.

The researchers reported discovering security flaws in basebands manufactured by Samsung, MediaTek, and Qualcomm, utilizing a specialized tool named 5GBaseChecker.

These processors are integrated into devices from prominent brands including Google, OPPO, OnePlus, Motorola, and Samsung.

To support ongoing investigations into 5G security issues, the researchers have made 5GBaseChecker available on GitHub, a widely used platform for version control and collaborative software development.

Syed Hussain, an assistant professor at Penn State, informed TechCrunch that his team successfully tricked phones with susceptible 5G basebands into connecting to a fraudulent base station, effectively a counterfeit cell tower, which enabled them to carry out their attacks.

One of the students involved, Kai Tu, remarked that their most significant attack allowed them to compromise the phone through the fake base station.

"The security of 5G was entirely undermined," Tu stated, characterizing the attack as "completely silent."

He further elaborated that attackers leveraging these vulnerabilities could impersonate a victim's contacts to send deceptive phishing messages or redirect the victim's phone to a bogus website, misleading them into entering their credentials on a counterfeit Gmail or Facebook login page.

The researchers also showcased their capability to force a victim's phone to revert from 5G to older protocols such as 4G, which could make it easier to intercept the victim's communications.

The research team reported that the majority of the vendors they contacted have addressed the vulnerabilities. As of their most recent update, they had identified and patched twelve distinct vulnerabilities in various 5G basebands.

The Executive Vice Chairman of the Nigerian Communications Commission, Dr. Aminu Maida, recently emphasized that advancements in network technology, such as 5G and 6G, heighten the risk of cyberattacks.

“While we analyze the current 5G landscape, which presents an expanded attack surface due to the increased number of connected devices and denser network infrastructure, it is essential to also consider the future implications,” he stated.

In 2023, GSMA, the global association representing telecom operators, reported that 5G is likely to face intensified cyber threats due to its faster data speeds and reduced latency.