
The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software toolkit named Sni5Gect (short for "Sniffing 5G Inject") that's designed to sniff unencrypted messages sent between the base station and the user equipment (UE, i.e., a phone) and inject messages to the target UE over-the-air.
"As opposed to using a rogue base station, which limits the practicality of many 5G attacks, SNI5GECT acts as a third-party in the communication, silently sniffs messages, and tracks the protocol state by decoding the sniffed messages during the UE attach procedure," the researchers said. "The state information is then used to inject a targeted attack payload in downlink communication."
The findings build upon a prior study from ASSET in late 2023 that led to the discovery of 14 flaws in the firmware implementation of 5G mobile network modems from MediaTek and Qualcomm, collectively dubbed 5Ghoul, that could be exploited to launch attacks to drop connections, freeze the connection that involves manual reboot, or downgrade the 5G connectivity to 4G.
The attack can downgrade 5G connections or disrupt devices without requiring a rogue base station. It uses an open-source toolkit named Sni5Gect to passively sniff unencrypted messages exchanged between the base station (gNB) and user equipment (UE) and to inject crafted downlink messages over the air. Sni5Gect decodes sniffed messages in real time, tracks protocol state during the UE attach procedure, and uses that state to deliver targeted payloads. Potential impacts include crashing UE modems, forcing downgrades to earlier generations, fingerprinting devices, and bypassing authentication. The technique targets the pre-authentication message exchange, where traffic is still unencrypted, and follows earlier findings of firmware flaws in major modem vendors.
Read at The Hacker News