Researchers from Pennsylvania State University have discovered serious security flaws in 5G technology that could allow hackers to spy on cell phone users.
The team, led by Assistant Professor Syed Rafiul Hussain, found vulnerabilities in 5G basebands—processors that enable phones to connect to mobile networks—during their research, which they presented at the Black Hat cybersecurity conference in Las Vegas.
Using a custom-built analysis tool named 5GBaseChecker, the researchers identified flaws in basebands manufactured by major companies like Samsung, MediaTek, and Qualcomm. These basebands are used in popular smartphones, including those made by Google, OPPO, OnePlus, Motorola, and Samsung.
One of the researchers, Kai Tu, described the severity of their findings. “The security of 5G was totally broken,” Tu said.
He explained that the team was able to trick phones with vulnerable basebands into connecting to a fake base station, that is, a rogue cell phone tower. From this fake base station, they could launch various attacks without the victim’s knowledge.
“The attack is totally silent,” Tu added.
The researchers demonstrated that by exploiting these vulnerabilities, hackers could impersonate a victim’s friend and send convincing phishing messages, or direct the victim to malicious websites. Once on these sites, victims could be tricked into entering their login credentials for services like Gmail or Facebook, unknowingly handing them over to hackers.
Additionally, the team showed that they could downgrade a victim’s connection from 5G to older protocols like 4G or even earlier versions, making it easier to intercept and eavesdrop on communications.
After identifying 12 vulnerabilities, the researchers contacted the affected vendors, who have since released patches to address the issues.
Samsung spokesperson Chris Langlois confirmed that the company had “provided software patches to smartphone vendors to resolve the matter.”
Google’s spokesperson, Matthew Flegal, also confirmed that “the flaws had been fixed.”
However, MediaTek and Qualcomm did not respond to requests for comment.
The researchers have made 5GBaseChecker available on GitHub, allowing other cybersecurity experts to continue hunting for vulnerabilities in 5G networks.