Unknown cell signal? Deceptive cyber-attack manipulates phone connections, reducing speed from 5G to 4G without detection
A groundbreaking discovery has been made by researchers at the Singapore University of Technology and Design (SUTD). They have developed a method to trick 5G phones into falling back to 4G networks, bypassing the need for a fake base station.
The researchers, through tests, have reported a success rate between 70% and 90% when attempted from around twenty meters away. The toolkit they've developed, named SNI5GECT (Sniffing 5G Inject), allows for the interception of both uplink and downlink traffic with notable accuracy during the tests.
The method, which targets a vulnerable stage of communication between phone and tower, where critical messages remain unencrypted, avoids the complexity of setting up a rogue base station, something that has long limited practical attacks on mobile networks.
The flaws in 5G modem firmware from major chipmakers, including MediaTek and Qualcomm, were uncovered in late 2023 and collectively named 5Ghoul. This vulnerability potentially resulted in more vulnerable 5G phones.
While no clear reports of real-world abuse exist so far, the method is public and the software is open source, so the risk remains that skilled actors could adapt it. The Global System for Mobile Communications Association (GSMA) has confirmed the issue and assigned it the identifier CVD-2024-0096, marking it as a downgrade risk.
The forced downgrade from 5G to 4G leaves the target open to older tracking or location attacks, as 4G carries long-known flaws. Users have few direct options to block such low-level exploits, but running updated antivirus software, securing credentials with a password manager, and enabling an authenticator app for accounts can reduce the impact of secondary attacks.
The toolkit used for this attack is not meant for criminal use but for further research into wireless security. The companies delivering the 5G modem firmware involved in the 5Ghoul vulnerability, Qualcomm and MediaTek, have yet to comment on the findings.
Tests of the method have been conducted on popular smartphones, including models from Samsung, Google, Huawei, and OnePlus. With such access, attackers can force a modem crash, map a device fingerprint, or trigger a switch from 5G to 4G.
The ability to crash devices or silently downgrade them raises questions about the resilience of current networks. As we continue to rely heavily on these networks for our daily lives, it is crucial that efforts are made to address these vulnerabilities and ensure the safety and security of our digital world.
