New 5G vulnerabilities could put phone users at risk

Security researchers at Purdue and U. of Iowa confirm what many security experts have long feared: there are serious security weaknesses in 5G that undermine the promised security and privacy protections.

About a dozen vulnerabilities have been identified by the researchers, who report that the bugs can allow a bad guy to track your actual real-time location, sendlarge numbers of people fake emergency alerts to trigger public panic or disconnect a 5G-connected phone from the network altogether.

5G was promised to be a more secure standard than 4G, able even to keep your data and voice safe from stingrays that present themselves as cell towers and spy on you.

But, nope. Also researchers say some of the attacks they've newly identified can also be exploited on existing 4G networks.

Worst of all, it's pretty cheap and easy to pull off the new exploits.

All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks and a low-cost software-defined radio, reports Zack Whittaker [@zackwhittaker] of TechCrunch:

The researchers expanded on their previous findings to build a new tool, dubbed 5GReasoner, which was used to find 11 new 5G vulnerabilities. By creating a malicious radio base station, an attacker can carry out several attacks against a targets connected phone used for both surveillance and disruption.

In one attack, the researchers said they were able to obtain both old and new temporary network identifiers of a victims phone, allowing them to discover the paging occasion, which can be used to track the phones location or even hijack the paging channel to broadcast fake emergency alerts.