About three months ago, I wrote about the implications and impacts of 5Ghoul in a previous diary.
The 5Ghoul family of vulnerabilities could cause User Equipment to be continuously exploited once they are connected to the malicious 5Ghoul gNodeB. Given the potential complexities in the realm of 5G mobile network modems used in a multitude of devices, I chose to give the situation a bit more time before revisiting the 5Ghoul vulnerability.
Patch updates have been made concerning the various products listed in Table 1.
Older models tend not to receive security updates due to the end of security patch support.
Some vendors do not publicly make their firmware patch information available, which poses a challenge when ascertaining if affected products were patched.
For modem devices such as Telit FT980m, Simcom SIM8202G, Fibocom FM150-AE and Quectel RM500Q-GL, their patch status is unclear as firmware patch information is not publicly available.
I had tried to find out more about the devices that were tested, but it appears that there were few discussions with respect to 5Ghoul from the tested device brands.
Quectel did have a query in their forums, but unfortunately, their website was down.
Interestingly, Sierra Wireless released a Security Advisory on their website, although their products were not used to evaluate 5Ghoul vulnerabilities.
As highlighted in the previous diary, all 5Ghoul vulnerabilities have had their patches released by Qualcomm/MediaTek.
There is also interesting trivia about the CVEs being addressed.
One might have noted that CVE-2023-32844, CVE-2023-32846 and CVE-2023-32845 were not listed.
According to MediaTek and having sighted the correspondence between MediaTek and the 5Ghoul researchers, fixes for the three previously mentioned CVEs were addressed altogether in CVE-2023-32841.
It appears that the most significant delay and uncertainties lie with the vendors who have yet to implement the fixes released by MediaTek and Qualcomm.
Although the Android project has had all the patches nailed down, the fragmented ecosystem of various Android phone brand models could add time for patches to be implemented.
Some older device models also no longer receive updates, so it is safe to presume they would be susceptible to 5Ghoul attacks.
These attacks have yet to be widely prevalent, but they will surely be annoying if one gets targeted.
If you are using a mobile device that will no longer have any security updates, consider whether one can accept the inconveniences of being affected by 5Ghoul attacks.
In the context of organizations that depend heavily on 5G communications and are using hardware listed in Table 1 or the vulnerable 5G modems that had been identified, it is highly recommended that the business owners evaluate the risks and impact of disruptions caused by 5Ghoul and the relevant mitigations that can be adopted.
This Cyber News was published on isc.sans.edu. Publication date: Fri, 15 Mar 2024 00:58:05 +0000