A recent investigation by a group of researchers has revealed over 100 vulnerabilities in LTE and 5G network implementations. These vulnerabilities could allow an attacker to disrupt cellular services and potentially gain unauthorized access to the core network.
The study, conducted by experts from the University of Florida and North Carolina State University, identifies 119 vulnerabilities across seven LTE platforms, including Open5GS and Magma, as well as three 5G implementations. Alarmingly, these vulnerabilities have been assigned 97 unique CVE identifiers, reflecting a wide array of potential threats.
According to the researchers, the vulnerabilities are broad and touch many aspects of network security. They indicate that each of the identified weaknesses could enable an adversary to cause widespread disruption of cellular communications, from phone calls to data transmissions, across an entire city. Furthermore, an attacker could trigger these disruptions simply by sending a small, unauthenticated data packet over the network, without needing a SIM card.
The study, entitled “RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces,” details the methodology employed during the fuzzing exercise. The approach targeted Radio Access Network (RAN)-Core interfaces that process inputs arriving directly from mobile devices and base stations. The fuzzing uncovered several critical vulnerabilities, notably buffer overflows and memory corruption errors, which could be exploited to move deeper into the cellular core network.
One alarming implication of these vulnerabilities is the potential for unauthorized access to subscriber data on a significant scale, allowing adversaries to monitor cellphone location and connection details across a city. Such capabilities could facilitate targeted attacks on individual users and enable further malicious exploits within the network infrastructure itself.
The researchers categorize the identified vulnerabilities into two distinct groups: those that could be exploited by unauthenticated mobile devices and those requiring an attacker to have compromised a base station or femtocell. This distinction is crucial for understanding the potential threat landscape and developing appropriate mitigation strategies.
Of the 119 vulnerabilities, 79 were associated with Mobility Management Entity (MME) implementations, 36 with Access and Mobility Management Function (AMF) implementations, and four with Serving Gateway (SGW) implementations. Notably, 25 vulnerabilities facilitate Non-Access Stratum (NAS) pre-authentication attacks that any arbitrary cellphone could execute.
The researchers highlight the evolving security landscape, particularly with the introduction of home-use femtocells and more accessible gNodeB base stations in 5G deployments. This wider availability of Radio Access Network equipment opens avenues for adversarial exploitation that were previously far less exposed.
In light of this research, a business owner should be keenly aware of the tactics and techniques outlined in the MITRE ATT&CK framework that are relevant to these vulnerabilities. Techniques related to initial access, persistence, and privilege escalation are pertinent, particularly when considering how adversaries may capitalize on these vulnerabilities to infiltrate networks and maintain persistence. Continuous monitoring and protective measures are essential to reduce the risk presented by these significant vulnerabilities in the evolving landscape of mobile communication security.