A newly revealed cyberattack can force your 5G smartphone onto an older, less secure 4G network without any warning. The method, developed by researchers, exploits a fundamental weakness in how phones first connect to a cell tower. This makes the attack highly effective and difficult to detect.
Academics at the Singapore University of Technology and Design uncovered the flaw, which they call “5Ghoul.” It targets a brief moment at the start of a connection when data sent between your phone and the tower is not encrypted. Because these critical messages are sent in the open, an attacker can intercept and tamper with them without needing your password or private details.
Using a toolkit they built, the researchers found they could reliably crash a phone’s modem or, more concerning, force it to abandon a 5G signal and drop down to 4G. This forced downgrade is a major problem because 4G networks have well-known security flaws. Once on 4G, you become vulnerable to older tracking and location-based attacks that 5G was designed to prevent.
In tests, the method worked between 70% and 90% of the time from a distance of about twenty meters. The team successfully demonstrated the attack on popular smartphone models from brands like Samsung, Google, Huawei, and OnePlus. What makes this attack particularly practical is that it does not require a complex fake cell tower, which has been a major hurdle for most real-world mobile network attacks.
The industry group GSMA has confirmed the security issue. While the researchers designed their toolkit for security testing and not criminal use, the software is now public. This means skilled hackers could potentially adapt the method for malicious purposes.
For now, there is no simple way for users to directly block this type of low-level attack. However, experts recommend maintaining good digital hygiene. This includes using updated security software, a password manager, and multi-factor authentication on your accounts.
Source: The Hacker News