CyberHappenings logo
☰
🏠 Home 📂 Browse ℹī¸ About

Sni5Gect Attack Framework Exploits Unencrypted 5G Messages

First reported
Last updated
📰 1 unique sources, 1 articles

Summary

Hide ▲

A team of academics from the ASSET Research Group at the Singapore University of Technology and Design (SUTD) has developed a new attack framework named Sni5Gect. This framework exploits unencrypted messages exchanged during the initial 5G connection process to crash phone modems, downgrade 5G connections to 4G, fingerprint devices, or bypass authentication. The attack does not require a rogue base station, making it more practical and stealthy. The researchers demonstrated the framework's effectiveness on five smartphones, achieving high success rates in sniffing and injecting messages from a distance of up to 20 meters. The Global System for Mobile Communications Association (GSMA) has acknowledged the attack and assigned it the identifier CVD-2024-0096.

Timeline

  1. 26.08.2025 20:23 📰 1 articles

    Sni5Gect Attack Framework Exploits Unencrypted 5G Messages

    A team of academics from the ASSET Research Group at the Singapore University of Technology and Design (SUTD) has developed a new attack framework named Sni5Gect. This framework exploits unencrypted messages exchanged during the initial 5G connection process to crash phone modems, downgrade 5G connections to 4G, fingerprint devices, or bypass authentication. The attack does not require a rogue base station, making it more practical and stealthy. The researchers demonstrated the framework's effectiveness on five smartphones, achieving high success rates in sniffing and injecting messages from a distance of up to 20 meters. The Global System for Mobile Communications Association (GSMA) has acknowledged the attack and assigned it the identifier CVD-2024-0096.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Apple zero-day flaw in Image I/O framework exploited in targeted attacks

Apple has patched a zero-day vulnerability in the Image I/O framework (CVE-2025-43300) exploited in targeted attacks. The flaw, an out-of-bounds write issue, could lead to memory corruption or remote code execution. The vulnerability affects multiple iOS, iPadOS, and macOS versions. Apple has released updates for iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. The flaw was exploited in sophisticated attacks against specific individuals. The vulnerability impacts a wide range of devices, including iPhone XS and later, various iPad models, and Macs running macOS Sequoia, Sonoma, and Ventura. Users are advised to update their devices immediately to mitigate the risk. The flaw was discovered internally by Apple and addressed with improved bounds checking. Apple has fixed a total of seven zero-days exploited in real-world attacks since the start of the year. The attacker's identity and specific targets remain unknown, but the vulnerability was likely weaponized as part of highly targeted attacks. The attacks have been described as 'extremely sophisticated,' suggesting nation-state involvement or spyware activity. Apple has previously disclosed other zero-day vulnerabilities this year, including CVE-2025-24200 and CVE-2025-43200, which were also exploited in targeted attacks. WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. The vulnerability, in combination with the Apple zero-day flaw (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users. The flaw is an insufficient authorization of linked device synchronization messages. WhatsApp has notified an unspecified number of individuals that they believe were targeted by an advanced spyware campaign in the past 90 days using CVE-2025-55177. The attacks impacted both iPhone and Android users, including civil society individuals. WhatsApp sent in-app threat notifications to less than 200 users who may have been targeted as part of the campaign. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the WhatsApp vulnerability (CVE-2025-55177) to its Known Exploited Vulnerabilities (KEV) catalog. The WhatsApp flaw was exploited as part of a highly-targeted spyware campaign by chaining it with the Apple zero-day flaw (CVE-2025-43300). Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary mitigations by September 23, 2025, for both the vulnerabilities to counter active threats.

Open in new tab