📃5Ghoul is the name given to a set of 14 newly discovered vulnerabilities in Qualcomm and MediaTek 5G modems, disclosed in December 2023 by researchers from the Singapore University of Technology and Design (SUTD). These vulnerabilities affect hundreds of smartphone models and allow cyberattacks on 5G-enabled devices.
👉5GHoul = 5G + Ghoul, an Arabic mythology. In popular legend, a Ghoul is a demonic creature that seeks to distract travellers, and upon successfully doing so, it preys on them. Similarly, the 5GHOUL vulnerabilities, when exploited, attempt to draw user equipment (UEs), such as smartphones and other 5G-enabled devices, to connect to malicious base stations created by 5ghoul (gNB). Once connected, these vulnerabilities can be exploited to launch continuous attacks that drop connections, freeze the connection, require a manual reboot, or downgrade the 5G connectivity to 4G.
📃A notable feature of 5GHOUL vulnerabilities is their ease of exploitation, requiring no victim SIM card information. These vulnerabilities can be exploited to launch attacks before completing any NAS authentication procedures.
🔑 The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameters (e.g., SSB ARFCN, Tracking Area Code, Physical Cell ID, Point A Frequency) available on many mobile applications.
📃 These attacks can be launched wirelessly by setting up a fake 5G base station using inexpensive hardware, such as a software-defined radio (SDR).
📝 Over 700 models of smartphones from brands including Apple (iPhones with Qualcomm modems), Samsung, Google, Xiaomi, Vivo, Oppo, Realme, and most affected phones use Qualcomm Snapdragon or MediaTek 5G chips.
📝 Qualcomm and MediaTek have issued patches, but device manufacturers (like Samsung or Xiaomi) must integrate them into their firmware.
🧠 Why Is It a Big Deal?
It shows that 5G networks aren’t bulletproof. The vulnerabilities aren’t in the networks themselves but in the modems inside your phone, meaning even if your mobile network operator (MNO) has excellent security, your device could still be at risk. It’s also concerning because an attacker doesn’t need physical access—just being nearby with the correct setup is enough!