More than 700 smartphones from Apple, Google, Samsung, and 21 other brands have been impacted by a collection of 14 vulnerabilities dubbed 5Ghoul that concern the implementation of Qualcomm and MediaTek 5G mobile network modem firmware, according to The Hacker News.
Other IoT and USB modems were also affected by the flaws, which when exploited could drop or freeze 5G connectivity or facilitate a connection downgrade to 4G, a study by Singaporean university researchers showed. Most severe of the bugs was CVE-2023-33042 impacting Qualcomm's X55/X60 modem firmware that could cause a denial-of-service condition.
"The attacker does not need to be aware of any secret information of the target UE e.g., UE's SIM card details, to complete the NAS network registration. The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameters," said researchers.
While most of the vulnerabilities have already been patched by Qualcomm and MediaTek, details regarding the two other flaws have not yet been disclosed.