Tencent demonstrates 5G security flaw: can send fake bank text messages to users

Spam text messages are usually sent by the underground industry, which uses illegally purchased radio equipment to set up a “fake base station”. Now a team of white hat hackers has found that vulnerabilities in the communication protocol can also be used to “create” the same spam effect.

On October 24, at the GeekPwn2020 international security geek competition, Li Guancheng and Dai Ge, senior researchers at Tencent Security Xuanwu Lab, demonstrated a new 5G security research finding: by exploiting design issues in the 5G communication protocol, hackers can “hijack” the TCP communications of any phone under the coverage of the same base station. All kinds of text messages sent and received, as well as communications between Apps and servers, may be hijacked.

Li Guancheng and Dai Ge demonstrated the process of breaking 5G messaging (RCS) by sending a specific phone a message that appeared to come from the number “20201024”. In fact, the message is not limited to the number “20201024”; it can imitate any number.

According to Tencent, this vulnerability means that a bank SMS or App push message that the user sees as coming from “955**” could actually come from an unknown malicious user. Criminal gangs can use this vulnerability to carry out various forms of attacks: for example, impersonating a bank to send victims text messages about unusual transactions, leading the victim to click on a link that is actually implanted with a Trojan horse that can steal the victim’s bank card information; faking the victim’s mobile phone number to send a text message to his or her family asking for a transfer or making other requests; or even hijacking any HTTP access, causing sensitive information such as user account passwords to be leaked.

According to Xuanwu Lab, this is a communication protocol vulnerability that does not depend on any particular device or network environment. The attack can be completed as long as the attacker and the victim are under the coverage of the same base station, and the entire process is imperceptible on the user side. The 5G, 4G, and 3G communication protocols all have this vulnerability.

“This problem affects all mobile phones in the world,” Yang Yu, head of Tencent Security Xuanwu Lab, told Pharma News (www.thepaper.cn). “RCS running under 4G and 5G can be hijacked, and in fact (using this vulnerability) any network communications under 4G and 5G can be ‘hijacked’.”

“With the upgrade of communication technology, 5G communication is more secure on the whole, but it doesn’t mean we can take 5G security lightly,” Li Guancheng, a senior researcher at Tencent Security Xuanwu Lab, said.

“We will notify the information security authorities, and then we will also inform the relevant standards organizations about this matter,” Yang Yu said.

However, there may not be too much for the average user to worry about. Yang Yu said the vulnerability is “very difficult to crack,” and “it’s quite difficult in our lab’s history.” Talking about the process of discovering the vulnerability, Tencent Security Xuanwu Lab senior researchers Li Guancheng and Dai Ge said that the volume of 5G standards documents is very large, and that it is very difficult to discover a vulnerability in a sea of tens of millions of words.

It is the daily work of “white hat hackers” to find vulnerabilities and then disclose them to manufacturers for repair, to prevent “black hat hackers” from stealing information and making money. The annual GeekPwn International Security Geek Contest brings together a large number of white hat hackers. In this contest, the challengers demonstrated scenarios such as homemade radar interfering with self-driving cars.

Wang Qi, founder of Acershock KEEN and founder of the GeekPwn competition, said at the conference, “Geeks should not be black, nor should they be mysterious. Geeks are actually like medical workers who avoid problems by finding vulnerabilities in advance. I believe that geeks can use their curiosity to discover unknown flaws and can use their sense of responsibility to sound the alarm.”