Researchers from the University of Florida and North Carolina State University conducted an extensive analysis across seven LTE implementations, including Open5GS, Magma, and OpenAirInterface, and three 5G implementations.
The researchers uncovered 119 vulnerabilities in LTE & 5G Implemetations that let attackers remotely compromise and access the cellular core.
Every system tested was found to multiple critical flaws, some of which could enable attackers to disrupt entire metropolitan areas or gain unauthorized access to core cellular networks.
100+ Vulnerabilities in LTE & 5G Implementations
Each of the identified vulnerabilities has the potential to cause persistent denial of service (DoS) at a city-wide level.
By exploiting these flaws, attackers could crash critical components like the Mobility Management Entity (MME) in LTE or the Access and Mobility Management Function (AMF) in 5G networks.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Alarmingly, such attacks can be initiated by sending a single malicious data packet over the network—no SIM card or authentication is required.
This disruption could persist until network operators identify and patch the exploited vulnerability, leaving millions without access to phone calls, messaging, or data services.
The vulnerabilities are not limited to open-source platforms; proprietary systems deployed in commercial networks are equally affected. This highlights a systemic issue across both public and private cellular infrastructure.
Remote Access Risks: A Gateway for Espionage and Sabotage
Beyond service disruption, several vulnerabilities allow for buffer overflows and memory corruption, enabling attackers to infiltrate the cellular core network. Once inside, adversaries could:
– Monitor location and connection data for all subscribers within a city.
– Conduct targeted attacks on specific individuals.
– Compromise critical network components like the Home Subscriber Service (HSS) or Unified Data Management (UDM), potentially extending disruptions nationwide.
The researchers demonstrated this risk by developing a proof-of-concept remote code execution (RCE) exploit targeting one of the vulnerabilities in SD-Core.
Two Threat Models Identified
The study categorizes these vulnerabilities into two primary threat models:
1. Unauthenticated Device Exploits: Attackers can exploit these vulnerabilities using any mobile device capable of sending malformed packets. With the rise of Wi-Fi Calling services, such attacks can now be launched remotely over the internet, bypassing traditional geographic limitations.
2. Base Station Exploits: Adversaries with access to compromised base stations or femtocells can exploit misconfigurations or leaked IPsec keys to infiltrate the cellular core. The proliferation of smaller 5G base stations in accessible locations further increases this risk.
The researchers adhered to responsible disclosure protocols, notifying affected vendors and allowing a 90-day window for patches before publicizing their findings.
In cases where vendors failed to respond—such as NextEPC and SD-Core—the team released patches directly through GitHub alongside their public disclosure.
Cellular networks are integral to modern life, supporting emergency services, businesses, and personal communication.
The ability to disrupt these networks at scale represents a significant threat to public safety and national security.
As 5G adoption accelerates, its integration with legacy LTE infrastructure exacerbates these vulnerabilities, making robust security measures imperative.
This research underscores the need for proactive security measures across the telecommunications industry.
Regular vulnerability assessments, adoption of zero-trust architectures, and stringent security protocols are essential to safeguarding critical infrastructure from increasingly sophisticated cyber threats.
Without immediate action, the promise of next-generation connectivity could be overshadowed by its vulnerabilities.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
In a recent report by security researchers, it has been revealed that there are over 100 vulnerabilities in LTE and 5G infrastructure that could potentially enable remote core compromise. These vulnerabilities could allow attackers to gain unauthorized access to the core network of mobile operators, potentially leading to a wide range of malicious activities.
The vulnerabilities range from simple configuration errors to more complex issues in the protocol implementations of LTE and 5G networks. These vulnerabilities could be exploited by attackers to intercept sensitive user data, disrupt network operations, or even launch large-scale attacks on critical infrastructure.
Mobile operators and network equipment vendors are urged to take immediate action to patch these vulnerabilities and ensure the security of their networks. Failure to address these issues could have serious consequences for both operators and their customers.
It is crucial for the industry to work together to address these vulnerabilities and strengthen the security of LTE and 5G networks. By taking proactive measures to secure their infrastructure, mobile operators can protect their networks and customers from potential cyber threats.
Tags:
- LTE vulnerabilities
- 5G infrastructure vulnerabilities
- Remote core compromise
- Network security risks
- Cybersecurity threats
- LTE and 5G security flaws
- Core network compromise
- Mobile network vulnerabilities
- Remote attack on LTE and 5G
- Critical security issues in LTE and 5G
#Vulnerabilities #LTE #Infrastructure #Enable #Remote #Core #Compromise
Leave a Reply
You must be logged in to post a comment.