A new vulnerability was recently discovered, which affects all devices with 5G chips that were manufactured by Qualcomm or MediaTek. The vulnerability became known as “5Ghoul”, and affects several devices on the market that support the new wireless network technology.
According to researchers, the flaw was identified in at least 710 devices from Google and Apple partners, routers and USB modems. The 5Ghoul flaw was discovered by a group of researchers in Singapore, and affects at least 14 vulnerabilities in the wireless communications system, 10 of which have been publicly revealed and 4 are still pending, due to being more serious from the point of view of security.
Attackers can use 5Ghoul to carry out various formats of attacks against devices that have these modems. The flaw can also be quickly exploited if attackers have access to a system that allows them to create fake 5G networks, which mobile devices can connect to.
The most serious thing is that the flaws can be easily exploited with hardware that is accessible in a relatively simple way. An attacker can use this means to attack specific target devices, which makes it a very important tool for espionage.
Although researchers have confirmed the flaw in 714 devices from 24 different brands, it is important to take into account that the number of affected devices could be considerably higher, taking into account that they affect the basis of 5G connections and the way modems on these devices work.
Investigators left more details about the failure in public article of the same, along with a proof of concept that demonstrates how the flaw can be exploited.
Both Qualcomm and MediaTek had already released fixes for the 5Ghoul flaw, which began to be distributed about two months ago, when they became aware of them. However, the availability of fixes for affected devices may take much longer, if it reaches all models – taking into account that many may no longer be supported by companies.
There is no way to prevent attacks of this kind, except to stop using 5G networks altogether.
