A group of researchers has discovered a number of security flaws in various 5G basebands that allow hackers can undetectably hack and spy on victims.
Pennsylvania University researchers, using a special analysis tool called 5GBaseChecker, have discovered vulnerabilities in the Samsung, MediaTek and Qualcomm baseband used in phones by Google, OPPO, OnePlus, Motorola and Samsung.
Syed Rafiul Hussain, an associate professor at the University of Pennsylvania who participated in the study, told TechCrunch that he and his students were able to trick phones with these using vulnerable 5G basebands to connect to a fake base station — actually a fake cell phone tower — and then launch the attack.
Having access to the phone, the hacker can force the user to provide their credentials on a fake Gmail or Facebook login page, or extract some other confidential information. The researchers were also able to switch the victim from 5G to older protocols such as 4G or even older, which made it easier to eavesdrop on the victim's communications.
The researchers reported that most providers with they contacted, eliminated vulnerabilities. Samsung representative Chris Langlois said the company has released software patches to affected smartphone vendors to address the issue. Google representative Matthew Flegal also confirmed that the flaws have been fixed.