A set of 14 security vulnerabilities named “5Ghoul” has been discovered in the firmware implementation of 5G mobile network modems from major chipset vendors like MediaTek and Qualcomm.
The flaws impact USB and IoT modems, along with hundreds of smartphone models running Android and iOS. Three of the vulnerabilities are classified as high-severity, allowing attackers to disrupt connections, freeze links requiring manual reboot, or downgrade 5G connectivity to 4G. The vulnerabilities were disclosed by researchers from the Singapore University of Technology and Design. The vulnerabilities affect 714 smartphones from 24 brands, including Apple, Google, Samsung, and more. Patches have been released for 12 of the 14 flaws. The details of the remaining two have been withheld for confidentiality reasons. The vulnerabilities could be exploited by attackers to deceive smartphones into connecting to rogue base stations, leading to unintended consequences. Make sure you are running the latest patches for your mobile device. And watch out for signs of a 5Ghoul attack, which includes loss of 5G connections, inability to re-connect until the device is rebooted and consistent drop to 4G despite the available of the 5G network in the area.
https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html
https://securereading.com/5g-modem-flaws-impact-ios-and-android-devices/
https://www.bleepingcomputer.com/news/security/new-5ghoul-attack-impacts-5g-phones-with-qualcomm-mediatek-chips/
This segment was created for the It’s 5:05 podcast
https://505updates.com/2023-12-12-cybersecurity-and-open-source-headlines/