
A comprehensive security audit has revealed 119 critical vulnerabilities affecting LTE and 5G network implementations, potentially exposing cellular networks to significant security risks. The research, conducted by teams from the University of Florida and North Carolina State University, identified 97 unique CVE-classified vulnerabilities across multiple cellular network implementations.
The affected systems include seven LTE implementations (Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN) and three 5G implementations (Open5GS, Magma, OpenAirInterface). The vulnerabilities were discovered through a specialized fuzzing technique called RANsacked, targeting Radio Access Network (RAN)-Core interfaces.
Key Findings:
– 79 vulnerabilities in MME implementations
– 36 vulnerabilities in AMF implementations
– 4 vulnerabilities in SGW implementations
– 25 vulnerabilities enabling NAS pre-authentication attacks
The security implications are severe, with potential attackers able to:
– Disrupt cellular communications citywide
– Crash critical network components using a single data packet
– Access the cellular core network
– Monitor subscriber location and connection information
– Launch targeted attacks on specific users
The researchers highlight that these vulnerabilities are particularly concerning given the increasing accessibility of cellular network equipment, especially with the introduction of home-use femtocells and 5G gNodeB base stations. This shift from traditionally secured infrastructure to more exposed systems creates new security challenges for cellular networks.