Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations

Security boffins have released an open source tool for poking holes in 5G mobile networks, claiming it can do up- and downlink sniffing and a novel connection downgrade attack - plus "other serious exploits" they're keeping under wraps, for now.

"Sni5Gect [is] a framework that sniffs messages from pre-authentication 5G communication in real-time," the researchers from the Singapore University of Technology and Design explained of their work, presented this week at the 34th USENIX security bash, "and injects targeted attack payload in downlink communication towards the UE [User Equipment, i.e. a phone]."

Designed to take advantage of the period just after a device connects to a 5G network and is still in the process of handshaking and authentication - which, the team points out, can occur when entering or leaving a lift, disembarking a plane and turning aeroplane mode off, or even passing through a tunnel or parking garage - Sni5Gect ...