Continue reading this on our app for a better experience

Open in App
Floating Button

"High severity" security flaws found in 5G Qualcomm chips

The Edge Singapore
The Edge Singapore • 2 min read
"High severity" security flaws found in 5G Qualcomm chips
Patches have been made available to OEMs so end users should apply security updates as they become available from device makers. Photo: Unsplash
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

Security flaws that could have wiped out 5G connection for about 59% of the world’s mobile phones was recently discovered by Dr Matheus E. Garbelini, a PhD graduate student at the Singapore University of Technology and Design (SUTD).

The vulnerability findings -- tracked as CVE-2023-33044, CVE-2023-33043 and CVE-2023-33042 -- involved Qualcomm’s 5G chips used in popular phone models. As many as 714 smartphone models from 24 brands were impacted, including those from Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, realme, OnePlus, Huawei, ZTE, Asus, Sony, Meizu, Nokia, Apple and Google.

Garbelini and his team used a process known as Wireless Fuzzing to test Qualcomm's chips for flaws in its firmware. Garbelini’s team includes SUTD PhD student Zewen Shang, SUTD research group member Assistant Professor Sudipta Chattopadhyay and collaborators from the Agency for Science, Technology and Research’s (A*STAR) Institute for Infocomm Research (I2R), Dr Sumei Sun and Dr Ernest Kurniawan.

They discovered that malicious attacks sent from a rogue standalone 5G base station (gNodeB) could trigger a “Denial of Service” (DoS) attack, causing a 5G connection loss for the mobile phone. The 5G connection cannot be recovered even after the attack has stopped. The only way to recover the connection is through manually rebooting the phone and it sometimes requires removing and reinserting the SIM card.

“With the adoption of 5G smartphones increasing, these findings are significant because 5G is slated to be the next generation of wireless technology. For now, although there is no known defence against attacks exploiting these flaws, users should still keep their Android OS and iOS patched to the latest versions of the phone software as most security issues are done during these updates,” says Garbelini.

Commending the SUTD team for the discovery, a spokesperson from Qualcomm says: “Developing technologies that endeavour to support robust security and privacy is a priority for Qualcomm Technologies. We commend Matheus Garbelini and Sudipta Chattopadhyay from SUTD for using coordinated disclosure practices, and we have worked with them to address the issues affecting some 5G modems. Patches were made available to OEMs in August 2023, and we encourage end users to apply security updates as they become available from device makers.”

×
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2024 The Edge Publishing Pte Ltd. All rights reserved.