AI Detects Security Flaws in Hundreds of 5G Smartphones
Researchers led by the University at Buffalo have identified security vulnerabilities affecting more than 540 5G smartphone models globally. The discovery, published May 14, 2026, reveals a flaw in how devices authenticate network connections, potentially allowing malicious actors to disrupt cellular service across devices from every major manufacturer.
The vulnerability stems from a timing gap during the initial communication between a smartphone and a cell tower. According to lead investigator Hongxin Hu, a professor and associate chair of the Department of Computer Science and Engineering at the University at Buffalo, the issue occurs during the rapid exchange of configuration messages required for calls, text messages, and video streaming.
Hu explained that some of these messages are processed prior to the phone verifying the tower’s authenticity, which creates a window of opportunity for malicious interference.
To identify these hidden weaknesses, Hu and collaborators from the University at Buffalo and Texas A&M University developed a new AI-driven testing framework called CONSET, or Constraint-Guided Semantic Testing. This system is designed to detect logic errors in device software that traditional testing methods often overlook.
The complexity of the 5G standard contributes to the prevalence of these flaws. The specifications governing how phones communicate with cell towers are developed by the 3rd Generation Partnership Project (3GPP) and encompass thousands of pages of technical documentation. These documents outline detailed rules for how different components of configuration messages must interact.
When manufacturers fail to implement these relationships correctly in the device software, subtle logic errors can emerge. Because of the scale and complexity of the 3GPP specifications, these errors frequently evade standard manufacturer testing.
"5G is the backbone of our connected world, from consumer smartphones to critical infrastructure. This work shows that AI can play an important role in making that backbone more secure."
Hongxin Hu, professor at the University at Buffalo
The research has already led to corrective actions within the semiconductor and hardware industries. The findings prompted security fixes from chipmakers MediaTek and Qualcomm, and the research team has engaged in collaborations with Google and Apple to address the vulnerabilities.
The use of the CONSET framework highlights a shift toward using artificial intelligence to bridge the gap between theoretical technical specifications and real-world software implementation. By automating the detection of semantic contradictions in how a device handles network messages, the framework allows manufacturers to patch vulnerabilities before they can be exploited in the wild.
Hu noted that the team’s findings demonstrate that this specific processing gap creates an opening for malicious interference, exposing vulnerabilities that affect smartphones from every major manufacturer.
