5G network flaws could be abused to let hackers spy on your phone

Telecommunication tower or Mobile phone tower with 5G cellular network . Global connection and internet network concept.on city background.

(Image credit: Shutterstock / Sakorn saenudon)

5G basebands could be exploited by attackers to allow them to send fake messages to your contacts, or even hand over your credentials using a very real-looking website, experts have warned.

Unveiled at the Black Hat cybersecurity conference, a research group from Pennsylvania State University presented their vulnerability sniffing tool 5GBaseChecker.

5G basebands are used to connect phones to mobile networks, but they can be exploited to connect them to fake network towers that are run by an attacker.

“Totally silent” attack

The researcher team, comprised of Kai Tu, Yilu Dong, Abdullah Al Ishtiaq, Syed Md Mukit Rashid, Weixuan Wang, Tianwei Wu, and Syed Rafiul Hussain, made their tool available to search for vulnerable Samsung, MediaTek and Qualcomm basebands, which are used by a number of popular phone manufacturers, including the likes of Google, Motorola and Samsung.

Among the possible avenues of attack from the fake base station, Tu highlighted a circumstance in which an attacker could potentially send a very real looking message from a friend to the victims phone opening up the potential for convincing phishing messages to be delivered from a supposedly credible source.

Tu states that once the phone connected to the fake base station, “the security of 5G was totally broken. The attack is totally silent.”

Another potential method of attack using a fake base station could be redirecting the target phone to a fake, but very real looking website such as a social media site or email login, and then stealing the credentials used to log in. To add further sting to the attack, the base station could also be used to downgrade the target phone to 4G, making it easier to snoop on the device.

So far, most of the vulnerabilities discovered in the basebands have been patched by the manufacturers, with spokespeople for both Samsung and Google telling TechCrunch that the flaws in their devices were now patched.

More from TechRadar Pro

These are the best Android antivirus apps around right now
Samsung is offering up to $1 million to anyone who can find security flaws in its software
Take a look at the best malware removal tools

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focusing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.