What works in IT may not in an operational technology/industrial control systems environment where availability and safety of operations must be maintained.
Related Posts
CISA Releases New Identity and Access Management Guidance
CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture.
The post CISA Releases New Identity and Access Management Guidance appeared first on SecurityWeek.
Microsoft fixes Windows bug causing File Explorer freezes
Microsoft has addressed a known issue causing File Explorer to freeze on Windows 11 and Windows Server systems after viewing a file’s effective access permissions. […]
BleepingComputer
New 5Ghoul Attack Impacts 5G Devices From Popular Brands
5G is the fifth-generation mobile network technology, and it has significantly changed communication by offering:
Faster internet speeds
Reduced latency
Increased connectivity
Besides this, 5G offers low-latency benefits in the following critical domains:
VR
Medical
Automation
However, cybersecurity researchers from the following organizations recently discovered the new 5Ghoul attack, which impacts 5G devices from popular brands:
Singapore University of Technology and Design
I2R, A*STAR
New 5Ghoul Attack
5Ghoul exposes 5G vulnerabilities in Qualcomm and MediaTek modems, impacting smartphones, routers, and USB modems.
Twelve new vulnerabilities were discovered, 10 of which affect these major modems, and three of which are highly severe. Besides this, over 710 affected smartphone models were identified.
The exploited vulnerabilities lead to:
Connection drops
Freezes
5G-to-4G downgrades
5Ghoul uses a mimicked Dolev-Yao attacker model: the attacker has a controllable downlink channel and can inject or modify 5G NR downlink packets without knowing the target UE’s secret information.
The adversarial gNB manipulates downlink messages, enabling attacks at any 5G NR step, although later procedures fail because the attacker does not know the target's SIM card details.
By deploying a malicious gNB using Software Defined Radio (SDR) within the target 5G UE’s radio range, the 5Ghoul vulnerabilities can be exploited easily over the air.
Although the USRP B210 in the researchers’ setup is visually detectable, miniaturized SDR equipment, like a Raspberry Pi, allows for stealthy and sophisticated attacks.
Exploitations
The exploitation scenarios are described below:
Exploitation on Mobile Devices: Experts tested 5G vulnerabilities (V5 to V10) on Asus ROG Phone 5S (ARP5s, Qualcomm Modem) and OnePlus Nord CE 2 (OnePlus, MediaTek Modem). V5/V6 trigger temporary DoS on ARP5s, requiring continuous attacks for complete disruption. V7 downgrades to 4G, forcing manual reboot for 5G restoration; persistent impact observed. V8-V14 caused crashes on OnePlus with MediaTek Dimensity 900 5G Modem, necessitating modem reboots for 5G recovery. Continuous attacks disrupt 3G/4G/5G communications on OnePlus, echoing V5/V6 behavior.
Exploitation on Specialized 5G Products: Vulnerabilities V5-V14 impact 5G devices with Qualcomm and MediaTek modems, affecting smartphones, USB modems, and low-latency communication appliances.
Downgrade Attacks: The vulnerability V7 (7.3) acts as a downgrade attack, blocking 5G connections while allowing access to older technologies like 4G. This exposes users to different design issues inherent to various network technologies (2G, 3G, 4G).
Estimating the reach of 5Ghoul: To gauge 5Ghoul’s impact on 5G smartphones, we use web scraping to find models with vulnerable Qualcomm and MediaTek modems. Mobile processors like Snapdragon 8XX (Qualcomm) or Dimensity XXXX (MediaTek) integrate CPU, 5G modem, GPU, and peripherals, simplifying chipset identification.
Smartphone models potentially affected by 5Ghoul (Source – Asset Group)
The complete list of the 5Ghoul-affected smartphones can be found here.
The Challenge of Delivering 5G Patches to the End-user: Ensuring a secure modem SDK prevents prolonged vulnerabilities. Issues in 5G modem implementation impact downstream vendors, causing delays in security updates due to software dependencies.
The chain involves carrier recertification, OS vendor integration, and product vendor manual patching, leading to a 6-month delay for end-users.
5G UE Software Supply Ecosystem (Source – Asset Group)
Vulnerabilities
The vulnerabilities that were described are listed below:
V5: Invalid MAC/RLC PDU (CVE-2023-33043)
V6: NAS Unknown PDU (CVE-2023-33044)
V7: Disabling 5G / Downgrade via Invalid RRC pdcch-Config (CVE-2023-33042)
V8: Invalid RRC Setup spCellConfig (CVE-2023-32842)
V9: Invalid RRC pucch CSIReportConfig (CVE-2023-32844)
V10: Invalid RLC Data Sequence (CVE-2023-20702)
V11: Truncated RRC physicalCellGroupConfig (CVE-2023-32846)
V12: Invalid RRC searchSpacesToAddModList (CVE-2023-32841)
V13: Invalid RRC Uplink Config Element (CVE-2023-32843)
V14: Null RRC Uplink Config Element (CVE-2023-32845)
The potential of 5G is vast, but deeper research is crucial for uncovering vulnerabilities in its software.
The complex, multi-layered nature of 5G networks poses challenges, as seen in the discovery of 5Ghoul vulnerabilities in major chipset vendors despite their comprehensive testing resources.
The post New 5Ghoul Attack Impacts 5G Devices From Popular Brands appeared first on Cyber Security News.