Boffins say tool can sniff 5G traffic, launch ‘attacks’ without using rogue base stations
Researchers in Singapore released Sni5Gect, an open-source framework that can intercept pre-authentication 5G traffic and inject attack payloads using cheap radio gear, without needing a fake base station.
A team at the Singapore University of Technology and Design has published a tool that sniffs 5G traffic and injects packets in real time, sidestepping the rogue base stations that earlier attacks required.
The short version
- The tool, Sni5Gect, was built by researchers at the Singapore University of Technology and Design.
- It intercepts pre-authentication 5G communications and injects payloads into downlink transmissions to handsets.
- Reported results include 80%+ sniffing accuracy and a 70–90% packet injection success rate.
- It can perform novel 5G-to-4G downgrade attacks, denial-of-service and device fingerprinting.
- Attacks work at up to 20 metres using consumer-grade software-defined radio hardware.
- Released on GitHub under the AGPL 3 for research and education; GSMA assigned vulnerability ID CVD-2024-0096.
Why it matters
Previous practical 5G attacks generally depended on operating a rogue base station, a comparatively visible and resource-heavy approach. By relying on off-the-shelf software-defined radios instead, Sni5Gect lowers the bar for intercepting and manipulating early 5G handshakes, raising fresh questions about pre-authentication signalling and forced downgrades onto older, weaker network generations.
Summary by Nerd News Network. Read the full article at The Register via the links above and below.