The baseband for 5G connectivity in mobile devices appears to contain a number of invisible vulnerabilities that open the door to spying on your device.

American researchers have discovered invisible but potentially serious vulnerabilities in the 5G baseband of smartphones. The research was presented at the Black Hat security conference in Las Vegas and will soon appear in a paper. The vulnerability in the basebands makes smartphones vulnerable to espionage.

The researchers say that these are structural vulnerabilities in 5G basebands that are not limited to any one brand. There are 22 vulnerabilities in total, thirteen of which can be actively exploited. The vulnerabilities were identified in basebands developed by Qualcomm, MediaTek and Samsung and used by many popular smartphone brands.

Vulnerable to espionage

A baseband is a critical component in a smartphone processor for mobile connectivity. The researchers figured out how to trick the baseband into connecting to fake base stations. From that moment on, the extra security provided by 5G technology is a no-brainer. The attack is completely invisible to the target, as there is no indication that anything is wrong during the connection.

The vulnerabilities provide numerous opportunities for attackers. In addition to classic attacks, the attacker can revert 5G connectivity to older network protocols that offer less protection against eavesdropping on your communications.

The paper describing the research in more detail will be published soon. The tool the researchers use to detect baseband vulnerabilities is already available on Github. Fortunately, the researchers first brought their findings to smartphone manufacturers so that they could roll out the necessary patches before the vulnerability became public.