
A group of researchers has revealed over 100 security vulnerabilities impacting LTE and 5G network implementations, which could allow attackers to disrupt cellular services and potentially gain access to the core of the cellular network. The vulnerabilities, which include 119 unique issues categorized under various CVE identifiers, are spread across seven LTE implementations and three 5G systems.
This research was conducted by academics from the University of Florida and North Carolina State University, and the findings are documented in a study titled "RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces." The study warns that attackers could use any unauthenticated mobile device to send a small data packet that could crash critical network components like the Mobility Management Entity (MME) or the Access and Mobility Management Function (AMF), effectively disrupting cellular communications city-wide.
The fuzzing exercise aimed at uncovering weaknesses in the interfaces that connect mobile handsets and base stations. It highlighted multiple types of vulnerabilities, particularly those related to memory corruption and buffer overflows, which could enable attackers to monitor the location and connection information of mobile devices across urban areas.
The vulnerabilities identified fall into two categories: one that can be exploited by any unverified mobile device, and another that could be leveraged by attackers who have compromised a base station or femtocell. Among the 119 vulnerabilities, the majority were found in MME implementations, with others affecting AMF and SGW implementations.
The researchers caution that the trend towards home-use femtocells and easier access to gNodeB base stations in 5G networks significantly alters the security dynamics, as this equipment, once safely secured, is now more exposed to potential attacks. The study sheds light on new security challenges posed by these developments, as traditional protective measures may no longer suffice against evolving threats.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.