New 5G attack named 5Ghoul can exploit Qualcomm, MediaTek chips

published: Dec. 9, 2023

Take action: There is not much you can do about a vulnerability in your phone's chipset except update the phone to the latest OS and firmware. So don't ignore those updates; many components in the phone need updating all the time.


Learn More

The "5Ghoul" attack, identified by Singapore university researchers, targets critical vulnerabilities in 5G modems by Qualcomm and MediaTek, impacting a wide range of 5G smartphone models from major brands like Google, Apple, and others, as well as routers and USB modems. This attack poses significant risks, including service disruptions and network downgrades, and is particularly concerning due to its potential to exploit devices without requiring knowledge of the target's SIM card details.

List of Publicly Disclosed Vulnerabilities:

  1. CVE-2023-33043: Affects Qualcomm X55/X60 modems. Attackers can send an invalid downlink MAC frame to cause temporary hang and modem reboot (Denial of Service - DoS).
  2. CVE-2023-33044: Targets Qualcomm X55/X60 modems. Sending an invalid NAS PDU can result in modem failure and reboot (DoS).
  3. CVE-2023-33042: Affects Qualcomm X55/X60 modems. Malformed RRC pdcch-Config can lead to network downgrade or service denial. Manual reboot required for restoration.
  4. CVE-2023-32842: Impacts MediaTek Dimensity 900/1200 modems. Malformed RRC Connection Setup can cause modem failure and reboot (DoS).
  5. CVE-2023-32844: Affects MediaTek Dimensity 900/1200 modems. Invalid RRC pucch CSIReportConfig can lead to modem failure and reboot (DoS).
  6. CVE-2023-20702: Targets MediaTek Dimensity 900/1200 modems. Malformed RLC Data Sequence can cause modem crash and reboot (DoS).
  7. CVE-2023-32846: Impacts MediaTek Dimensity 900/1200 modems. Truncated RRC physicalCellGroupConfig can lead to modem crash due to memory access errors (DoS).
  8. CVE-2023-32841: Affects MediaTek Dimensity 900/1200 modems. Sending malformed RRC Connection Setup can cause a modem crash (DoS).
  9. CVE-2023-32843: Impacts MediaTek Dimensity 900/1200 modems. Invalid RRC Uplink Config Element can result in modem failure and reboot (DoS).
  10. CVE-2023-32845: Affects MediaTek Dimensity 900/1200 modems. Null RRC Uplink Config Element in malformed RRC Connection Setup can trigger a modem crash (DoS).

The CVE-2023-33042 vulnerability is particularly critical as it can force a device off the 5G network and onto 4G, potentially exposing it to additional vulnerabilities. While Denial of Service flaws can cause temporary loss of connectivity, they can be especially disruptive in critical service environments.

Both Qualcomm and MediaTek have responded with security bulletins, and patches were provided to device vendors. However, the distribution of these fixes to end-users might be delayed due to the complexity of the software supply chain, especially for Android devices. In some cases, older models might not receive updates at all.

Users should be aware of signs indicating a "5Ghoul" attack, such as unexpected loss of 5G connections or consistent fallback to 4G networks, despite the availability of 5G. Staying updated with the latest security patches and being vigilant about unusual network behaviors are key to protecting against such vulnerabilities.
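The indicators above (modem reboots, and staying on 4G while 5G is available) can be checked across a device fleet. The following is an added example, not code from the article or the 5Ghoul researchers: the log format, the `nr_avail` field and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (hypothetical format, per-device time order):
#   <ISO timestamp> <device> RAT <NR|LTE> nr_avail=<0|1>
#   <ISO timestamp> <device> MODEM_RESET
SAMPLE_LOG = """\
2023-12-09T10:01:00 dev-a MODEM_RESET
2023-12-09T10:03:30 dev-a MODEM_RESET
2023-12-09T10:06:00 dev-a MODEM_RESET
2023-12-09T10:00:00 dev-b RAT NR nr_avail=1
2023-12-09T10:02:00 dev-b RAT LTE nr_avail=1
2023-12-09T10:04:00 dev-b RAT LTE nr_avail=1
2023-12-09T10:06:00 dev-b RAT LTE nr_avail=1
2023-12-09T10:00:00 dev-c MODEM_RESET
2023-12-09T10:05:00 dev-c RAT LTE nr_avail=0
2023-12-09T10:00:00 dev-d MODEM_RESET
2023-12-09T10:30:00 dev-d MODEM_RESET
2023-12-09T11:00:00 dev-d MODEM_RESET
"""

WINDOW = timedelta(minutes=10)  # assumed sliding window for reset bursts
RESET_LIMIT = 3                 # assumed: modem resets per window before flagging
FALLBACK_LIMIT = 3              # assumed: consecutive LTE reports while 5G is available

def detect(log_text):
    resets = defaultdict(deque)    # device -> reset timestamps still inside WINDOW
    lte_streak = defaultdict(int)  # device -> consecutive LTE-despite-5G reports
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or truncated lines
        ts, dev, event = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        if event == "MODEM_RESET":
            q = resets[dev]
            q.append(ts)
            while ts - q[0] > WINDOW:  # drop resets older than the window
                q.popleft()
            if len(q) >= RESET_LIMIT:
                alerts[dev].add("repeated_modem_reset")
        elif event == "RAT" and len(parts) == 5:
            fallback = parts[3] == "LTE" and parts[4] == "nr_avail=1"
            lte_streak[dev] = lte_streak[dev] + 1 if fallback else 0
            if lte_streak[dev] >= FALLBACK_LIMIT:
                alerts[dev].add("persistent_4g_fallback")
    return {dev: sorted(kinds) for dev, kinds in alerts.items()}
```

In the sample, `dev-c` (a single reset, LTE where no 5G is available) and `dev-d` (resets spread over an hour) are not flagged; only the burst on `dev-a` and the sustained fallback on `dev-b` are.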
