Security researchers at Purdue University and the University of Iowa have found 11 new vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic, or silently disconnect a 5G-connected phone from the network altogether. Some of the new attacks also could be exploited on existing 4G networks, the researchers added.
Using a new custom tool called 5GReasoner, the researchers carried out multiple types of attacks against a 5G-connected smartphone.
In one attack, the researchers said they were able to obtain both old and new temporary network identifiers of a victim’s phone, allowing them to discover the paging occasion, which can be used to track the phone’s location – or even hijack the paging channel to broadcast fake emergency alerts.
Another attack could be used to create a “prolonged” denial-of-service condition against a target’s phone from the cellular network.
In some cases, the flaws could be used to downgrade a cellular connection to a less-secure standard, which makes it possible for law enforcement – and capable hackers – to launch surveillance attacks against their targets using specialist “stingray” equipment.
All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks and a low-cost software-defined radio, said Syed Rafiul Hussain, one of the co-authors of the new paper.