    RANsacked: Over 100 Security Flaws Uncovered in LTE and 5G Network Systems

    Researchers have disclosed more than 100 security vulnerabilities affecting LTE and 5G network implementations, which could allow malicious actors to disrupt services or infiltrate the core of cellular networks.

    The investigation uncovered 119 vulnerabilities across several implementations, encompassing both LTE and 5G systems. These flaws, tied to 97 unique CVE identifiers, impact seven LTE solutions—Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, and srsRAN—as well as three 5G platforms—Open5GS, Magma, and OpenAirInterface. The research stems from collaborative efforts by academics at the University of Florida and North Carolina State University.

    Their findings, detailed in a paper titled “RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces,” paint a troubling picture.

    “Each of the identified vulnerabilities can be exploited to persistently disrupt cellular communications—spanning calls, texts, and data—at a city-wide scale,” the researchers highlighted. They further explained that attackers could exploit these flaws by sending a single, small data packet as an unauthenticated user, bypassing the need for a SIM card.

    The vulnerabilities were identified through RANsacked, a fuzzing methodology focused on the Radio Access Network (RAN)-Core interfaces, which are directly accessible by mobile devices and base stations.

    Key weaknesses include buffer overflows and memory corruption vulnerabilities, which could serve as entry points for adversaries into the core cellular network. Exploiting these flaws could enable attackers to monitor subscriber locations, access connection data on a large scale, execute targeted attacks on specific individuals, and launch further malicious activities within the network infrastructure.

    The vulnerabilities fall into two primary categories:

    1. Exploitable by unauthenticated mobile devices – These attacks can be launched without any prior access credentials.
    2. Exploitable by compromised base stations or femtocells – These involve adversaries leveraging control over hardware such as base stations to deepen their network infiltration.

    Of the 119 vulnerabilities, 79 were traced to Mobility Management Entity (MME) implementations, 36 to Access and Mobility Management Function (AMF) systems, and four to Serving Gateway (SGW) implementations. A significant portion—25 vulnerabilities—could facilitate Non-Access Stratum (NAS) pre-authentication attacks using any arbitrary mobile device.

    The study also highlights the increasing risks introduced by home-use femtocells and the proliferation of more accessible gNodeB base stations in 5G networks. Infrastructure that was once secure and locked down now faces heightened exposure to physical and adversarial threats, marking a significant shift in the security landscape.

    “Our research underscores the urgency of addressing these vulnerabilities, particularly as RAN equipment becomes increasingly accessible to adversaries. Historically assumed secure, these interfaces now demand robust scrutiny and protection,” the researchers concluded.

    The findings serve as a wake-up call for the telecommunications industry, underscoring the critical need to fortify the security of both LTE and 5G infrastructures against evolving threats.
