5G network flaws could be abused to let hackers spy on your phone

Telecommunication tower or Mobile phone tower with 5G cellular network . Global connection and internet network concept.on city background.
(Image credit: Shutterstock / Sakorn saenudon)

5G basebands could be exploited by attackers to allow them to send fake messages to your contacts, or even hand over your credentials using a very real-looking website, experts have warned.

Unveiled at the Black Hat cybersecurity conference, a research group from Pennsylvania State University presented their vulnerability sniffing tool 5GBaseChecker.

5G basebands are used to connect phones to mobile networks, but they can be exploited to connect them to fake network towers that are run by an attacker.

“Totally silent” attack 

The researcher team, comprised of Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain, made their tool available to search for vulnerable Samsung, MediaTek and Qualcomm basebands, which are used by a number of popular phone manufacturers, including the likes of Google, Motorola and Samsung.

Among the possible avenues of attack from the fake base station, Tu highlighted a circumstance in which an attacker could potentially send a very real looking message from a friend to the victims phone opening up the potential for convincing phishing messages to be delivered from a supposedly credible source.

Tu states that once the phone connected to the fake base station, “the security of 5G was totally broken. The attack is totally silent.”

Another potential method of attack using a fake base station could be redirecting the target phone to a fake, but very real looking website such as a social media site or email login, and then stealing the credentials used to log in. To add further sting to the attack, the base station could also be used to downgrade the target phone to 4G, making it easier to snoop on the device.

So far, most of the vulnerabilities discovered in the basebands have been patched by the manufacturers, with spokespeople for both Samsung and Google telling TechCrunch that the flaws in their devices were now patched.

More from TechRadar Pro

TOPICS
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
Find My app logo displayed on an iPhone 11 screen
This Find My exploit lets hackers track any Bluetooth device – here’s how you can stay safe
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
QR Code
Hackers are targeting Signal with new QR code-linked cyberattack
Location Data
Cloudflare CDN flaw could expose user location simply by sending an image
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Latest in Pro
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Racks of servers inside a data center.
Modernizing data centers: an efficient path forward
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation
The world's leading website builder aims to save businesses time with new tool
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Latest in News
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before