Broadband  |  2025-02-05

Critical Security Vulnerabilities in Cellular Networks Exposed by Researchers

Source: The Critical Communications Review | Gert Jan Wolf editor


In a groundbreaking discovery, a team of academics has uncovered more than 100 security vulnerabilities in LTE and 5G network implementations, posing a significant risk to cellular communications worldwide. These vulnerabilities could allow attackers to disrupt service access and gain unauthorized entry into core cellular networks.

The study, conducted by researchers from the University of Florida and North Carolina State University, identifies a total of 119 vulnerabilities, with 97 unique CVE identifiers. These flaws were found across seven LTE implementations—Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN—and three 5G implementations—Open5GS, Magma, and OpenAirInterface.

Detailed in a report titled “RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces,” the research highlights the severity of these vulnerabilities. The authors state, “Every one of the more than 100 vulnerabilities we identified can be used to persistently disrupt all cellular communications, including phone calls, messaging, and data, at a city-wide scale.”

Notably, the study reveals that attackers could exploit these flaws by sending a single, small data packet to crash critical network components like the Mobility Management Entity (MME) in LTE networks or the Access and Mobility Management Function (AMF) in 5G networks. Alarmingly, these attacks can be executed without authentication, meaning no SIM card is required.

The vulnerabilities were discovered through a fuzzing initiative named RANsacked, which targeted Radio Access Network (RAN)-Core interfaces—components that receive direct input from mobile devices and base stations. The research team identified several buffer overflow and memory corruption vulnerabilities that could be weaponized to infiltrate the cellular core network. Once inside, attackers could monitor cellphone locations, track connection details for all users within a city, launch targeted attacks, and carry out further malicious actions on the network.

The vulnerabilities fall into two primary categories: those that can be exploited by any unauthorized mobile device and those requiring an adversary to compromise a base station or femtocell. This revelation underscores the urgent need for telecom operators and network vendors to fortify their security measures against emerging threats.

It is crucial to address these vulnerabilities now because LTE and, in the near future, 5G networks are increasingly essential for critical communications, including those used by public safety agencies such as law enforcement and emergency responders. Any disruption to these networks could severely impact their ability to coordinate emergency responses, conduct investigations, and ensure public safety. A compromised network could delay lifesaving operations, obstruct law enforcement efforts, and put citizens at risk. As such, mitigating these vulnerabilities is not only a technical necessity but also a matter of national security and public welfare.

As LTE and 5G technologies continue to drive global connectivity, securing their infrastructure is paramount. The research team urges the industry to take immediate action to mitigate these vulnerabilities and safeguard users from potential large-scale attacks.