If your 5G phone is on this list of over 700 handsets, you need to install all updates ASAP!

If your 5G phone is on this list of over 700 handsets, you need to install all updates ASAP!،

Discovered by university researchers in Singapore, vulnerabilities have been discovered in 5G modems produced by Qualcomm and MediaTek, leaving 714 5G phones open to what is being called a “5Ghoul attack”. There are 14 vulnerabilities in the affected systems and although 10 of them have been publicly disclosed, four remain confidential for security reasons. Attacks can cause 5G mobile service to freeze or be temporarily removed on a smartphone. Attacked phones could also find a 5G signal downgraded to 4G.

5Ghoul attack requires a phone to be connected to a red 5G base station

By BeepComputer, the researchers who discovered the modem flaws and 5Ghoul attacks, Matheus E. Garbelini; Zewen Shang; Shijie Luo; Sudipta Chattopadhyay; Sumei Sun; and Ernest Kurniawan have set up a website in which they wrote that three of ten vulnerabilities related to 5G modems from Qualcomm and MediaTek are confirmed to have “high severity”.

The researchers also discovered 714 5G smartphones on the market today that were/are affected by these vulnerabilities, although this number could be higher because “firmware code is often shared between different modem versions.” The report notes that the vulnerabilities are easy for attackers to exploit over the air if they simply have a setup that pretends to be a legitimate 5G base station. The attacker does not need to know the user's SIM card information to exploit the vulnerabilities of the affected 5G modems.

To explain the attack in simple terms, the targeted 5G handset needs to connect to a malicious 5G base station. At this point, the attacker launches the exploit code. For the targeted phone to connect to the fake 5G base station, the attacker must be within radio range of that phone. Even if information from the target's SIM card is not available, the attack can continue. Attackers “can freely manipulate downlink messages to the target…thus opening a window of opportunity to launch attacks at any stage of 5G NR procedures.”

Here is a list of smartphones that were/are susceptible to attack by 5Ghoul

Qualcomm and MediaTek disclosed the vulnerabilities in their respective December security bulletins. Updates containing the appropriate fixes were sent to device vendors two months ago, but it should be noted that due to Android fragmentation, updating all affected Android phones may still take a while. And some older phones will never be updated because they will lose support before the update is released.

A large number of phone manufacturers have devices that could be attacked by 5G.

The list of affected smartphones is long. If your phone is listed, make sure you have installed all available updates on your phone. The list includes: