As cellphone carriers and users await the rollout of 5G networks, researchers at the University of Iowa and Purdue University warn in a new paper that the system may still have some serious bugs to work out.
Among the 11 flaws they found are bugs that could potentially allow hackers to monitor 5G cellphone user locations, send fake emergency alerts to phones, or simply deny service to users or force their devices to downgrade to an older network such as a 4G system, they write. One of the researchers, Syed Rafiul Hussain, says he’s most concerned about attacks that could expose a person’s location, Wired reports.
The flaws have been reported to the GSM Association, a telecom industry body, which added the researchers to its security hall of fame.
The bugs the researchers found are all flaws in the formal specification of 5G, rather than any particular carrier’s implementation, and they didn’t actually test their findings against a live network. It’s unclear to what extent the vulnerabilities will actually be present in any particular network, since it’s common for tech systems to deviate from published standards in various ways.
“These scenarios have been judged as nil or low-impact in practice, but we appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future,” the GSM Association said in a statement. “We are grateful to the researchers for affording industry the opportunity to consider their findings and welcome any research that enhances the security and user confidence of mobile services.”