Cybersecurity researchers at the Singapore University of Technology and Design have unveiled a sophisticated new attack framework called SNI5GECT that can intercept 5G communications and inject malicious payloads without requiring a rogue base station.
The research demonstrates significant vulnerabilities in the current 5G infrastructure that could allow attackers to crash devices, downgrade connections, and steal user identities from distances up to 20 meters.
Revolutionary Attack Methodology
Unlike traditional 5G attacks that rely on setting up fake base stations, SNI5GECT operates as a third-party interceptor, silently monitoring communications between legitimate 5G devices and network infrastructure.
The framework tracks protocol states by decoding sniffed messages during the user equipment (UE) attachment procedure, then uses this intelligence to inject targeted attack payloads into downlink communications.
The research team, led by Shijie Luo alongside Matheus Garbelini, Sudipta Chattopadhyay, and Jianying Zhou, tested their framework against five different 5G-enabled devices using both open-source srsRAN and commercial Effnet base stations.
Their evaluation revealed alarming success rates, with over 80% accuracy in both uplink and downlink message sniffing and 70-90% success rates for message injection attacks.
SNI5GECT demonstrates multiple attack vectors that pose serious security risks to 5G users.
The framework can successfully crash user devices, force connections to downgrade to older, less secure network generations, and extract sensitive user identity information.
These attacks maintained success rates consistently above 70% when the target device’s distance was known to the attacker.
Perhaps most concerning is the discovery of a new multi-stage downgrade attack that leverages the SNI5GECT framework’s capabilities.
This sophisticated attack sequence can systematically weaken a device’s connection security by forcing it to use less robust authentication protocols from earlier network generations.
The severity of these vulnerabilities has been acknowledged by the GSM Association (GSMA), the global organization representing mobile network operators worldwide.
Following responsible disclosure practices, the research team coordinated with GSMA, which has assigned a coordinated vulnerability disclosure (CVD) identifier to track and address these security issues.
The research highlights critical gaps in 5G security implementations that affect real-world deployments.
As 5G networks continue expanding globally, these findings underscore the urgent need for enhanced security measures to protect against sophisticated interception and injection attacks.
The SNI5GECT framework represents a significant advancement in 5G security research, providing cybersecurity professionals with practical tools for evaluating both current and emerging threats in live network environments.
The research paper will be presented at USENIX Security 2025, with full documentation available through the conference’s open access initiative.