Your phone's 5G connection Is vulnerable to bypass, DoS attacks

Mobile devices are at risk of wanton data theft and denial of service, thanks to vulnerabilities in 5G technologies.

At the upcoming Black Hat 2024 in Las Vegas, a team of seven Penn State University researchers will describe how hackers can go beyond sniffing your Internet traffic by literally providing your Internet connection to you. From there, spying, phishing, and plenty more are all on the table.

It’s a remarkably accessible form of attack, they say, involving commonly overlooked vulnerabilities and equipment you can buy online for a couple of hundred dollars.

Step 1: Set Up a Fake Base Station

When a device first attempts to connect with a mobile network base station, the two undergo an authentication and key agreement (AKA). The device sends a registration request, and the station replies with requests for authentication and security checks.

Though the station vets the phone, the phone does not initially vet the station. Its legitimacy is essentially accepted as a given.

“Base stations advertise their presence in a particular area by broadcasting ‘sib1’ messages every 20 milliseconds, or 40 milliseconds, and none of those broadcast messages have authentication, or any kind of security mechanisms,” explains Penn State assistant professor Syed Rafiul Hussain. “They’re just plaintext messages. So there’s no way that a phone or a device can check whether it’s coming from a fake tower.”

Setting up a fake tower isn’t as tall a task as it might seem. You just need to mimic a real one using a software-defined radio (SDR). As Kai Tu, another Penn State research assistant points out, “People can purchase them online — they’re easy to get. Then you can get some open source software (OSS) to run on it, and this kind of setup can be used as a fake base station.” Expensive SDRs might cost tens of thousands of dollars, but cheap ones that get the job done are available for only a few hundred.

It might seem counterintuitive that a small contraption could seduce your phone away from an established commercial tower. But a targeted attack with a nearby SDR could provide even greater 5G signal strength than a tower servicing thousands of other people at the same time. “By their nature, devices try to connect to the best possible cell towers — that is, the ones providing the highest signal strength,” Hussain says.

To read the complete article, visit Dark Reading.