5G modem vulnerabilities in hundreds of smartphones
Articles by the same author:
1
2
3
4
Latest Android security updates provide patches.
In early December 2023, the Automated Systems SEcuriTy (ASSET) group of Singapore’s University of Technology and Design revealed 14 vulnerabilities affecting 5G modems. Named 5Ghoul, this family of flaws is found in the modems’ firmware, particularly those of the two main manufacturers, the US company Qualcomm, and Taiwanese firm MediaTek.
Of the fourteen vulnerabilities, twelve are new, ten affect the two manufacturers’ modems, and three are deemed critical. Researchers identified two other vulnerabilities, which they did not disclose, as there are no available patches yet. The vulnerabilities have an impact on a wide range of products that use 5G modems, including smartphones, CPE routers and USB modems.
ASSET believes at least 714 smartphone models are affected. “The real number of affected models could be higher because the firmware code is often shared between different modem versions,” explain researchers. Exploiting the vulnerabilities could disrupt the device’s 5G connectivity, scrambling it or downgrading it to 4G or 3G.
Qualcomm and MediaTek provided their customers with patches, respectively six and two months ago. They are thus available in the latest Android security updates.