If your 5G phone is on this list of over 700 handsets, you need to install all updates ASAP! (UPDATE

May 29, 2024

UPDATE:Some of the phones listed at the bottom of this article as being vulnerable to 5Ghoul were placed on the list by the researchers even though they do not support 5G because they are powered by the Snapdragon 855 SoC which does support 5G. It does not distract from the premise of the article. If your phone does support 5G connectivity (and even those without 5G capabilities that are equipped with the Snapdragon 855), you do have vulnerabilities that can be exploited unless it was previously patched.

The same applies to Huawei phones like the P50 series, the Mate 50 series, and the P60 line which are powered by Snapdragon chips that typically support 5G signals but were tweaked to prevent this from happening to follow U.S. export rules.

Make sure that you have installed all possible updates on your phone if it is on the list.

Discovered by university researchers in Singapore, vulnerabilities have been found in 5G modems produced by Qualcomm and MediaTek leaving 714 5G phones open to what is being called a "5Ghoul attack." There are 14 vulnerabilities in the affected systems and while 10 of them have been disclosed publicly, four remain undisclosed due to security reasons. The attacks can lead to mobile 5G service freezing or getting dropped on a smartphone temporarily. Phones under attack also could find a 5G signal getting downgraded to 4G.

The 5Ghoul attack requires a phone get connected to a rougue 5G base station

Per BleepingComputer, the researchers who discovered the modem flaws and the 5Ghoul attacks, Matheus E. Garbelini; Zewen Shang; Shijie Luo; Sudipta Chattopadhyay; Sumei Sun; and Ernest Kurniawan have put up a website in which they wrote that three out of the 10 vulnerabilities that are related to 5G modems from Qualcomm and MediaTek are confirmed to have "high severity." Video Thumbnail

The researchers also discovered 714 5G smartphones in the marketplace today that were/are affected by the vulnerabilities although the number could be higher because "firmware code is often shared across different modem versions." The report notes that the vulnerabilities are easy to exploit over-the-air by the attackers if they simply have a setup that pretends to be a legitimate 5G base station. The attacker does not need to know any information from the user's SIM card to exploit the flaws of the affected 5G modems.

To explain the attack in layman's terms, the targeted 5G handset needs to connect to a rogue 5G base station. At that point, the attacker launches the exploit code. To get the targeted phone to connect to the fake 5G base station, the attacker must be within radio range of that phone. Despite not having information from the target's SIM card, the attack can proceed. The attackers "can freely manipulate downlink messages to the target...opening a window of opportunities to launch attacks at any step of the 5G NR procedures."

Here is a list of smartphones that were/are open to getting attacked by 5Ghoul

Qualcomm and MediaTek revealed the vulnerabilities on their respective December security bulletins. The updates containing the appropriate patches were sent to device vendors two months ago although it should be noted that due to the fragmentation of Android, it still could take some time for all of the affected Android phones to be patched. And some older phones will never get patched since they will lose support before the update is released.

A large number of phone manufacturers have devices susceptible to a 5G attack

The list of affected smartphones is long. If your phone is on the list, make sure that you have installed all updates available to your phone. The list includes:

ncG1vNJzZmivp6x7sbTOp5yaqpWjrm%2BvzqZmp52nqHx2s8eorKVlpqq5r7HRmpmipJmpxm6txZ%2BcnKyjYoKoec%2Bhpqedo2K9sMPEq5ydZZKuerLBwKWaqKWdYrqmsMiaq56jXaK8pbHMrJainGFqgHSClQ%3D%3D