Fifth-generation networks (5G) and private 5G networks offer improved opportunities for various industries, providing high-speed connection and better security. The technology has attracted many new solutions, including solutions for the 5G nucleus. However, like any new technology, 5G has its own vulnerabilities, which can cause serious problems for organizations using technology.
Researchers from Trend Micro discovered vulnerabilities in the implementation of the NEXT Generation Application Protocol (NGAP), which is used to transmit control messages between the base station (GNODEB or GNB) and the 5G nucleus. Problems with decoding messages in the protocol can lead to a malfunction of network functions, which, in turn, interrupts communication on the network. (source)
Particular attention was attracted by a Denial of Service (DOS) vulnerability, known as cve-2022-43677 (CVSS: 5.5), which allows hackers to disrupt the control level through user equipment. The problem was partially resolved in May 2023, but Trend Micro experts revealed additional problems related to the direction of user messages. (source)
Successful DOS attacks on the nucleus seriously disrupt the connectivity of the entire network, which can have catastrophic consequences in critical sectors such as defense, police, mining industry, and road traffic control.
The attack was carried out through user equipment due to insufficient separation of the control and user levels (planes) of the network (Control and User Planes). Experts indicated that the ASN.1 interface was not reliable enough, and the management protocols used to analyze the controls of the control plane were vulnerable to incorrectly formed messages.
A vulnerability was found in one of the most popular open extensions of the 5G nucleus called Free5GC, which is used in commercial solutions by large nucleus suppliers for 5G networks. The exploitation of existing errors can lead to serious disruptions of operations, financial and reputation losses, or even paralysis of vital infrastructure for industries using 5G technologies.
To ensure the safety of 5G networks, researchers recommend the following:
- Strictly regulate and manage the registration and use of SIM cards.
- Provide a clear separation of management and user planes.