A group of academics has revealed details about more than 100 security vulnerabilities affecting LTE and 5G implementations. These vulnerabilities could potentially disrupt service access and enable an attacker to gain unauthorized access to the cellular core network.
The 119 vulnerabilities cover seven LTE implementations and three 5G implementations. Researchers from the University of Florida and North Carolina State University identified these vulnerabilities in Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, and srsRAN for LTE, and Open5GS, Magma, and OpenAirInterface for 5G.
The study, titled “RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces,” provides detailed insights into these vulnerabilities.
The researchers warned that each of the vulnerabilities could be exploited to disrupt all cellular communications at a city-wide level. An attacker could crash the Mobility Management Entity (MME) or Access and Mobility Management Function (AMF) in an LTE/5G network with a single small data packet, even without authentication.
The vulnerabilities were uncovered through a fuzzing exercise known as RANsacked, targeting Radio Access Network (RAN)-Core interfaces that interact with mobile handsets and base stations.
These vulnerabilities, including buffer overflows and memory corruption flaws, could be exploited to breach the cellular core network. This access could then be utilized to monitor cellphone location and connection data for all subscribers in a city, launch targeted attacks, and execute malicious activities on the network.
The flaws identified can be exploited by unauthenticated mobile devices or by adversaries who have compromised base stations or femtocells.
Out of the 119 vulnerabilities discovered, 79 were in MME implementations, 36 in AMF implementations, and four in Serving Gateway (SGW) implementations. Additionally, 25 vulnerabilities could lead to Non-Access Stratum (NAS) pre-authentication attacks carried out by any cellphone.
The researchers emphasized the increased security risks posed by home-use femtocells and accessible gNodeB base stations in 5G deployments. They noted that previously secure interfaces are now exposed to physical threats, warranting a closer examination of their security implications.