
Researchers Identify Over 100 Security Flaws In LTE & 5G Networks


The research identified two primary categories of vulnerabilities: those exploitable by any unauthenticated mobile device and those requiring access to compromised base stations or femtocells

In a concerning development, a group of academics from the University of Florida and North Carolina State University has revealed the discovery of over 100 security vulnerabilities impacting LTE and 5G network implementations. The vulnerabilities, which have been assigned 97 unique CVE identifiers, pose a significant threat to cellular communication services and network security.

The research findings, outlined in a study titled "RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces", highlight serious weaknesses that could be exploited by attackers to disrupt city-wide cellular services, monitor user activities, and even compromise the cellular core network.

The flaws were identified in seven LTE implementations — Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, and srsRAN — and three 5G implementations: Open5GS, Magma, and OpenAirInterface.

Potential for City-Wide Disruptions

According to the researchers, the vulnerabilities allow attackers to crash critical network components such as the Mobility Management Entity (MME) or Access and Mobility Management Function (AMF). “An attacker can continuously crash the MME or AMF in an LTE/5G network simply by sending a single small data packet over the network as an unauthenticated user, with no SIM card required,” they said.

The discovery was the result of a fuzzing exercise called RANsacked, which tested Radio Access Network (RAN)-Core interfaces responsible for handling inputs from mobile devices and base stations.

Types of Vulnerabilities

The research identified two primary categories of vulnerabilities: those exploitable by any unauthenticated mobile device and those requiring access to compromised base stations or femtocells. These flaws predominantly involve buffer overflows and memory corruption errors, which can be weaponised to monitor users’ locations, conduct targeted attacks, and perform other malicious actions on the network.

Out of the 119 vulnerabilities, 79 were found in MME implementations, 36 in AMF implementations, and four in Serving Gateway (SGW) implementations. Additionally, 25 flaws could be exploited to carry out Non-Access Stratum (NAS) pre-authentication attacks using any arbitrary mobile device.

Rising Security Concerns with 5G Deployment

The introduction of home-use femtocells and more accessible gNodeB base stations with 5G technology has significantly changed the security landscape, the researchers noted. “Where once physically locked-down, RAN equipment is now openly exposed to physical adversarial threats,” the study stated.

The findings underscore the urgent need for enhanced security measures in the rapidly expanding 5G network infrastructure. As telecom operators continue to deploy next-generation networks, safeguarding RAN-Core interfaces and addressing these vulnerabilities will be critical to maintaining secure and reliable communication services.
