A group of academics have revealed the details of more than 100 security weaknesses affecting LTE and 5G implementation, which disrupts access to service by an attacker and even establishing a leg in the cellular core network Can be exploited.
119 weaknesses, 97 unique CVE assigned to identifiers, seven LTE Implementation-Opposition 5 GS, Magma, OpenArantfes, Athonate, SD-Core, Nextpasi, SRSRAN-And three 5G Implementation-Opter 5 GS, Magma, Researchers of Florerida University According to and Northern Carolina State University.
The findings have been expanded in a study titled “Ransacked: a domain-informed approach” LTE and 5G Ran-Core Interface “.
Researchers said, “Each of the 100 weaknesses discussed below can be used to constantly disrupt all cellular communications (phone calls, messaging and data) at the city-wide level.”
“An attacker can continuously crash the Mobility Management Entity (MME) or Access and Mobility Management Function (AMF) in an LTE/5G network, just by sending a single small data packet on the network as an uncontrolled user (no SIM No card (no SIM card (no) required). “
This discovery is the result of a fusing exercise, dubbed by researchers against the radio access network (RAN) -core interface, dubbed by researchers, who are able to get input directly from mobile handsets and base stations.
Researchers said that many of the many recognized weaknesses are related to overflow and memory corruption errors, which can be made weapons to dissolve the cellular core network, and for all customers at a city-wide level cellphone space and To use the connection information, carry out. Targeted attacks on specific customers, and malicious action on the network itself.
What is more, the flaws identified fall under two comprehensive categories: those who can be exploited by any informal mobile device and can be armed by an opponent, which has compromised on the base station or Femtosel.
Of the 119 weaknesses discovered, 79 MME implementation, 36 in AMF implementation and four in SGW Implementation. Twenty-five shortcomings lead to non-access stratum (NAS) pre-swollen attacks that can be carried out by an arbitrary cellphone.
“The introduction of the home-use Famtosel, more easily in 5G significance, after accessible GNODEB base stations, represents another change in safety mobility: where once physically lock-down, RAN equipment now now openly now Physical adverse hazards are made aware, “the study noted.
“Our work examines the implications of this last region, which is historically considered to be inherently safe, but now by enabling the protesting fasting interfaces facing imminent threats.”
