Ethical Hacking News
Researchers have released a 5G traffic sniffing tool called Sni5Gect that can exploit vulnerabilities in the 5G mobile network, allowing for unauthorized access and manipulation of sensitive information. The tool has been made available as an open-source framework, with some features limited to trusted pen testers.
Sni5Gect is an open-source tool designed to sniff 5G traffic and inject attack payloads, posing a significant threat to mobile network security. The tool exploits a vulnerability in the pre-authentication phase of 5G communication, allowing for real-time sniffing and stateful injection capabilities. Sni5Gect can sniff uplink and downlink traffic with over 80% accuracy at ranges of up to 20 meters from an off-the-shelf software-defined radio. The tool enables novel connection downgrade attacks, allowing for the reduction of security measures and further surveillance and attacks.
In a significant breakthrough that is likely to raise concerns among cybersecurity experts and mobile network operators alike, researchers from the Singapore University of Technology and Design have released an open-source tool designed to sniff 5G traffic and inject attack payloads. Dubbed Sni5Gect, this framework has been hailed as the first of its kind, empowering researchers with both over-the-air sniffing and stateful injection capabilities without requiring a rogue base station.
According to the research team's paper, published at the 34th USENIX Security Symposium, Sni5Gect works by exploiting a weakness in the pre-authentication phase of 5G communication. Specifically, it targets the period just after a device connects to a 5G network and is still in the process of handshaking and authentication, which happens whenever the handset re-attaches, for example when entering or leaving a lift, disembarking a plane, turning aeroplane mode off, or even passing through a tunnel or parking garage.
During this critical phase, messages exchanged between the base station and the target handset (the user equipment, or UE) are neither encrypted nor integrity-protected, making it possible for an attacker to sniff uplink and downlink traffic without knowledge of the UE's credentials. Furthermore, Sni5Gect enables the injection of targeted attack payloads in downlink communication towards the UE, allowing for novel connection downgrade attacks.
The researchers claim that their tool can sniff both uplink and downlink traffic with more than 80 percent accuracy at ranges of up to 20 meters between an off-the-shelf software-defined radio and the target handset. For packet injection, the success rate varied between 70 and 90 percent, delivering, among other things, proof of a novel downgrade attack by which a ne'er-do-well equipped with Sni5Gect could downgrade a connection from 5G to 4G to reduce its security and carry out further surveillance and attacks.
Sni5Gect works in real-time, allowing it to inject attack payloads based on protocol state. The tool is suited for fingerprinting, denial-of-service attacks, and downgrading, making it a significant threat to the integrity of 5G networks.
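The window the paper describes is the stretch between the radio connection coming up and NAS security being established; a downgrade forced from a spoofed downlink message can only land inside it. As an added illustration (not code from the Sni5Gect project or the paper), the following scans a constructed handset event log and flags 5G-to-4G fallbacks that happened before Security Mode Complete. The log format and event names are assumptions made for this example.

```python
from dataclasses import dataclass

# Constructed handset event log in a hypothetical "<ms> <event> [k=v]" format; not real modem output.
# Attempt 1 completes normally, attempt 2 is rejected while still unprotected and falls back to
# LTE, attempt 3 is rejected only after NAS security was established (so the reject was
# integrity-protected and could not have been forged by an over-the-air injector).
SAMPLE_LOG = """\
1000 RRC_CONNECTED rat=NR
1001 NAS_REGISTRATION_REQUEST
1004 NAS_SECURITY_MODE_COMMAND
1005 NAS_SECURITY_MODE_COMPLETE
1006 NAS_REGISTRATION_ACCEPT
2000 RRC_CONNECTED rat=NR
2001 NAS_REGISTRATION_REQUEST
2002 NAS_REGISTRATION_REJECT
2003 RRC_CONNECTED rat=LTE
3000 RRC_CONNECTED rat=NR
3001 NAS_REGISTRATION_REQUEST
3004 NAS_SECURITY_MODE_COMMAND
3005 NAS_SECURITY_MODE_COMPLETE
3006 NAS_REGISTRATION_REJECT
3007 RRC_CONNECTED rat=LTE
"""

@dataclass
class Attempt:
    start: int
    secured: bool = False   # set once NAS Security Mode Complete is seen
    rejected: bool = False  # set if a Registration Reject arrived during this attempt

def parse(log):
    """Yield (timestamp, event, attributes) for each log line."""
    for line in log.splitlines():
        ts, event, *kv = line.split()
        yield int(ts), event, dict(p.split("=", 1) for p in kv)

def find_preauth_downgrades(log):
    """Return (attempt_start, cause) for every NR attempt that fell back to LTE
    before NAS security was established, i.e. inside the unprotected window."""
    alerts, current = [], None
    for ts, event, attrs in parse(log):
        if event == "RRC_CONNECTED" and attrs.get("rat") == "NR":
            current = Attempt(start=ts)
        elif event == "NAS_SECURITY_MODE_COMPLETE" and current:
            current.secured = True
        elif event == "NAS_REGISTRATION_REJECT" and current:
            current.rejected = True
        elif event == "RRC_CONNECTED" and attrs.get("rat") == "LTE":
            if current and not current.secured:
                alerts.append((current.start, "reject" if current.rejected else "silent"))
            current = None
    return alerts
```

A single alert is weak evidence on its own; repeated unprotected fallbacks from the same cell, or ones clustered at a fixed location, are what would justify a closer look.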
The researchers communicated with the GSM Association (GSMA), the organization responsible for the 5G standard, prior to presenting their findings; the GSMA confirmed their discovery of the novel downgrade attack and assigned the vulnerability the identifier CVD-2024-0096 under its Coordinated Vulnerability Disclosure (CVD) program.
Not all of the capabilities claimed in the team's paper have been fully disclosed, however. The researchers have kept private "other serious exploits leveraging the framework," in order to "avoid abusing SNI5Gect to launch attacks against people's smartphone[s]." These exploits, it is claimed, will be made available only to "trusted institutions like universities and research institutions" upon application and verification of their legitimate interest.
The Sni5Gect framework itself is available in full, alongside the exploits discussed in the team's paper, on GitHub, under the GNU Affero General Public License version 3 (AGPL-3.0). With the disclaimer that it is "for research and educational purposes only," the researchers have warned that use on live networks "may violate local laws and regulations."
This groundbreaking discovery highlights the need for greater vigilance among mobile network operators and cybersecurity experts, who must now reassess their security protocols to prevent similar vulnerabilities from being exploited in the future. As the world of 5G continues to evolve at an unprecedented pace, it is crucial that researchers and developers prioritize the development of robust security measures to safeguard against such threats.
In conclusion, Sni5Gect represents a significant breakthrough in the realm of 5G security research, offering a valuable tool for researchers and cybersecurity experts alike. As the world grapples with the challenges posed by this emerging technology, it is essential that we prioritize the development of robust security measures to protect against threats like those presented by Sni5Gect.
Related Information:
https://www.ethicalhackingnews.com/articles/Unveiling-the-Vulnerabilities-A-Deep-Dive-into-Sni5Gect-the-5G-Traffic-Sniffing-Tool-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/18/sni5gect/
Published: Mon Aug 18 06:37:13 2025 by llama3.2 3B Q4_K_M