Preloader

SNI5GECT Attack: A New Threat to 5G Network Security

SNI5GECT Attack: A New Threat to 5G Network Security

SNI5GECT Attack: A New Threat to 5G Network Security

Mobile networks have always been a target for cyber attackers. Tools like IMSI Catcher (Stingray) and SMS Blaster have long been used to track user locations, spread malware, and send spoofed messages. With the arrival of newer generations, security improved; in 3G and 4G, identifying users became harder, but risks of tracking and data leakage still existed. The question now is: Does upgrading to 5G make us safe? The short answer: unfortunately not.

Downgrade Attacks: A Step Backwards

Many common attacks, such as SMS Blaster, rely on Downgrade techniques—forcing the victim’s device to connect to an older standard. This allows attackers to extract the user’s IMSI or send fake SMS messages impersonating trusted companies. Such attacks work by disrupting legitimate cell tower signals and broadcasting fake ones. Although this method can be detected, it still poses a significant threat.

Introducing the SNI5GECT Attack

Researchers at the Singapore University of Technology and Design have introduced a new attack called SNI5GECT, which directly targets 5G networks without needing to interfere with real signals. Using this method, an attacker within 20 meters of the victim can reboot the device modem or force it to switch back to 4G, where tracking and exploitation are easier.

How the Attack Works

Before a phone establishes a secure connection with a 5G tower, some information is exchanged in unencrypted form. During this short window, the attacker injects a malicious packet faster than the real tower. The outcome can be:

  • The phone is forced to connect to 4G → enabling all known 4G-based attacks.

  • The modem reboots → causing a temporary disruption in connectivity.

This attack has been tested on OnePlus Nord CE 2, Samsung Galaxy S22, Google Pixel 7, and Huawei P40 Pro, with results varying depending on the modem type (MediaTek, Qualcomm, Samsung, Huawei).

Limitations and Conditions

  • The attacker must be within 20 meters of the victim (often less in practice).

  • The attack is only possible before the device registers with a 5G tower.

  • Practical scenarios include airports, business meetings, or high-profile conferences.

  • For maximum effectiveness, attackers may combine this method with older 4G/3G/2G exploits.

A Threat for the Future

The SNI5GECT attack marks the beginning of more advanced threats against 5G networks. As adoption of 5G expands and legacy standards are phased out, research—and consequently, attacks—on the 5G protocol will only increase.

Suggested Defensive Measures

Currently, there is no definitive solution to prevent this type of attack. Even disabling 5G doesn’t help, as devices will automatically fall back to 4G. However, the following steps may reduce risk:

  • Regularly update the phone’s operating system and modem firmware.

  • Enable Airplane Mode during sensitive meetings or, if possible, leave the phone outside.

  • Disable legacy standards (2G/3G) in device settings, while considering their pros and cons.