Topics
Latest
AI
Amazon
Image Credits:Costfoto / NurPhoto / Getty Images
Apps
Biotech & Health
Climate
Image Credits:Costfoto / NurPhoto / Getty Images
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
fund raise
gizmo
Gaming
Government & Policy
ironware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
surety
Social
outer space
Startups
TikTok
Transportation
Venture
More from TechCrunch
effect
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
A group of researchers say they have uncovered a series of security system flaw in different 5 G basebands — fundamentally processors used by cell phone to join to mobile networks — which could have allow drudge to stealthily hack on victims and spy on them .
The researchers from Pennsylvania State University presented their findings at theBlack Hatcybersecurity conference in Las Vegas on Wednesday , as well as in an academic newspaper .
Using a custom - made analysis shaft they call 5GBaseChecker , the researcher uncovered baseband vulnerabilities made by Samsung , MediaTek , and Qualcomm , which are used in phones made by Google , OPPO , OnePlus , Motorola , and Samsung .
The researchers are Kai Tu , Yilu Dong , Abdullah Al Ishtiaq , Syed Md Mukit Rashid , Weixuan Wang , Tianwei Wu , and Syed Rafiul Hussain . On Wednesday , they publish 5GBaseChecker on GitHubso that other research worker can use it to hunt for 5 GiB vulnerabilities .
Hussain , an adjunct professor at Penn State , enjoin TechCrunch that he and his students were able-bodied to play a joke on phones with those vulnerable 5 G basebands into connect to a fake floor station — essentially a fake cell phone towboat — and from there launch their attacks .
Tu , one of the students , said that their most critical attack admit them to overwork the speech sound from that faux base station . At that point , Tu articulate , “ the security of 5 one thousand was altogether broken . ”
“ The attack is all silent , ” Tu added .
Tu explained that by taking advantage of the vulnerabilities they found , a malicious hacker could pretend to be one of the dupe ’s friends and post a credible phishing message . Or by directing the dupe ’s headphone to a malicious website , the cyber-terrorist could fob the dupe into providing their credentials on a fake Gmail or Facebook login page , for example .
The investigator were also capable to downgrade a victim from 5 GiB to older protocol like 4 thou or even older ones , making it easier to eavesdrop on the dupe ’s communication , said Tu .
The researchers said that most marketer they contacted have pay back the vulnerabilities . At the fourth dimension of writing , the researchers describe and got patched 12 vulnerabilities in dissimilar 5 G basebands .
Samsung spokesperson Chris Langlois read in a statement to TechCrunch that the company had “ released software patches to affected smartphone vendors to address and decide this topic , ” while Google spokesperson Matthew Flegal also confirmed that the flaws were now sterilize .
MediaTek and Qualcomm did not respond to a postulation for comment .
