
Sni5Gect: New 5G Attack Degrades Connections Without Fake Antennas

Written by Muriel de Juan Lara | Aug 28, 2025 1:00:00 PM

The arrival of 5G promised ultra-fast connections, lower latency, and a more secure infrastructure compared to previous generations like 4G or 3G. However, as with any technology, security is never absolute. A team of researchers from the ASSET Research Group at the Singapore University of Technology and Design (SUTD) has just demonstrated this with a novel attack framework dubbed Sni5Gect.

This attack framework has a disturbing feature: it can degrade your 5G connection without needing rogue base stations, one of the most common tactics until now. The researchers have found a new way to intercept and manipulate communications between your mobile device and the network during the most vulnerable seconds of the connection process.

At TecnetOne, we want to explain how it works, why it's dangerous, and what lessons it brings for businesses and users that rely on this technology.

 

What Is Sni5Gect and How Does It Work?

 

The name stands for Sniffing 5G Inject, which precisely describes what it does: it sniffs unencrypted messages exchanged between a 5G base station (gNB) and a mobile device (UE) and then injects malicious messages over the air to manipulate communication.

The surprising part? It doesn’t require rogue base stations or million-dollar equipment. It’s open-source software that, in the wrong hands, could be used with relatively affordable hardware.

 

Main Capabilities of Sni5Gect

 

  1. Downgrade a 5G connection to 4G or 3G, exposing users to vulnerabilities already documented in older technologies.
  2. Trigger modem crashes or blocks, effectively cutting off service.
  3. Capture device fingerprints and bypass authentication processes, enabling tracking and network identity theft.

 

The attack specifically targets the pre-authentication and pre-encryption phase. Before 5G communication is protected, there's a brief window where messages are transmitted in plaintext — that's when Sni5Gect strikes.

 


 

Why Is This Discovery So Significant?

 

Until now, manipulating a 5G connection was thought to require rogue base stations, limiting such attacks to well-funded adversaries. But Sni5Gect proves that attackers can exploit the communication without controlling the base station, acting merely as a “spy” that intercepts traffic.

This discovery broadens the threat landscape, lowering technical and financial barriers.

In real-world testing, researchers achieved:

 

  1. 80% sniffing success on uplink and downlink traffic
  2. 70% to 90% success rate in message injection
  3. Operation at distances of up to 20 meters, enough for a cafe, airport, or shopping center.

 

Tested devices included well-known models: OnePlus Nord CE 2, Samsung Galaxy S22, Google Pixel 7, and Huawei P40 Pro, proving this is not a single-vendor issue but a widespread 5G ecosystem vulnerability.

 


Manipulation of communications (Source: BlackHat)

 

Background: Prior 5G Vulnerabilities

 

This work builds on previous research. In 2023, the same team (ASSET) discovered 5Ghoul, a set of 14 vulnerabilities in MediaTek and Qualcomm modem firmware. These flaws could force disconnects, crash modems, and degrade 5G to 4G.

Sni5Gect goes further — it shows you don’t even need to compromise a base station. You just need to attack that tiny window before encryption begins.

This highlights a fundamental truth: security depends not just on protocols but on all intermediate stages, which are often more exposed.

 

What Could an Attacker Do With This Method?

 

The main risk is downgrading to 4G. While 5G is more secure, 4G carries known vulnerabilities such as:

 

  1. Tracking a device's location with relative ease
  2. Intercepting calls and messages
  3. Exploiting documented flaws in signaling

 

Additionally:

 

  1. Crashing the modem can be used for targeted denial-of-service attacks
  2. Device fingerprinting helps identify users even in anonymized environments

 

In short: this attack kicks you out of 5G and leaves you vulnerable in a weaker ecosystem.

 

Industry Reaction

 

The GSMA (Global System for Mobile Communications Association) has acknowledged the finding and labeled it CVD-2024-0096, a code reserved for critical vulnerabilities.

Researchers also highlight that Sni5Gect is not just a threat, but also a valuable tool for future 5G research:

 

  1. Useful in intrusion detection projects
  2. Helps design mitigation strategies
  3. Enables packet-level defense testing

 

In short: it’s both a red flag and a chance to strengthen security.

 


 

What This Means for Businesses and Users

 

At TecnetOne, we often say cybersecurity isn’t a product — it’s a process. Sni5Gect shows that even modern technologies like 5G have weak spots, exploitable in everyday scenarios.

For consumers, the main recommendation is to keep devices updated. Many vendors are already working on patches to harden the initial communication phase.

For businesses that depend heavily on 5G — such as industrial IoT, automotive, or connected healthcare — the message is clear:

 

  1. Not all 5G traffic is 100% secure
  2. Invest in additional monitoring and anomaly detection
  3. Combine network security with additional layers like end-to-end encryption
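
One way to act on the monitoring recommendation for a device fleet, as an added example that is not from the original article or from the Sni5Gect researchers: flag devices that fall back to 4G/3G or reset their modem seconds after attaching to 5G, then alert when several devices at one site do so together. The telemetry layout, event names, device and site names, and the 30-second and 5-minute thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: (timestamp, device, site, event, detail).
# This record layout is an assumption for the example, not a vendor format.
SAMPLE_EVENTS = [
    ("2025-08-28T08:00:00", "sensor-7", "plant-b", "rat", "NR"),
    ("2025-08-28T08:45:00", "sensor-7", "plant-b", "rat", "LTE"),  # slow drift
    ("2025-08-28T09:00:05", "agv-01", "plant-a", "rat", "NR"),
    ("2025-08-28T09:00:09", "agv-01", "plant-a", "rat", "LTE"),
    ("2025-08-28T09:00:20", "agv-02", "plant-a", "rat", "NR"),
    ("2025-08-28T09:00:24", "agv-02", "plant-a", "modem_reset", ""),
    ("2025-08-28T09:10:00", "van-3", "depot", "rat", "NR"),
    ("2025-08-28T09:10:03", "van-3", "depot", "rat", "UMTS"),
]
LEGACY = {"LTE", "UMTS"}  # 4G / 3G

def find_suspicious(events, window=timedelta(seconds=30)):
    """Flag a fallback to 4G/3G or a modem reset within `window` of a 5G attach."""
    last_nr, findings = {}, []
    for ts, dev, site, kind, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "rat" and detail == "NR":
            last_nr[dev] = t  # device just attached to 5G
        elif dev in last_nr and t - last_nr[dev] <= window:
            if kind == "rat" and detail in LEGACY:
                findings.append((t, dev, site, f"downgrade NR->{detail}"))
                del last_nr[dev]
            elif kind == "modem_reset":
                findings.append((t, dev, site, "modem reset"))
                del last_nr[dev]
        elif kind == "rat":
            last_nr.pop(dev, None)  # late fallback: treat as ordinary mobility
    return findings

def clustered_sites(findings, window=timedelta(minutes=5), min_devices=2):
    """Sites where several distinct devices were flagged close together in time."""
    by_site = defaultdict(list)
    for t, dev, site, _ in findings:
        by_site[site].append((t, dev))
    alerts = {}
    for site, hits in by_site.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            devs = {d for t, d in hits[i:] if t - t0 <= window}
            if len(devs) >= min_devices:
                alerts[site] = sorted(devs)
                break
    return alerts
```

A single flagged device can be ordinary coverage loss; the site-level cluster is the stronger signal, and thresholds need tuning against the fleet's normal fallback rate.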

 


Exploitation potential (Source: BlackHat)

 

Conclusion: A Wake-Up Call for 5G

 

The Sni5Gect framework proves that telecom security is not static. While 5G was designed to be safer than 4G, attackers continue to find new angles to exploit vulnerabilities.

The key lessons:

 

  1. Don’t blindly trust a new technology just because it’s new.
  2. Invest in research and preventive measures, so attackers don’t turn academic findings into real cyberattacks.

 

At TecnetOne, we believe these investigations are essential. They remind us that cybersecurity is non-negotiable, and every tech innovation must be paired with a proactive security mindset to protect infrastructure and people.