5G Vulnerability & Security Flaws

Hello Experts,

As 5G rolls out, security flaws may emerge…

Does anyone have some study or comments about 5G vulnerability?

Maybe to highlight the points in 5G topology that are most fragile, and need attention, as well as some workaround/fixes already known to avoid such problems.

Do 5G networks inherit vulnerabilities from 4G networks? (i.e. denial-of-service and other attacks are not addressed)

Any comment/feedback will be appreciated.


Several 5G networks are being built on top of the core of 4G LTE networks. So, the vulnerabilities in the Diameter signaling protocol will remain, which means that many of the same security problems will persist.

NSA networks are based on the 4G core network; therefore, subscribers who count on the advantages of 5G, including improved security, are still susceptible to the threats associated with 4G networks.

Hello @marcelofb, please check this: an article outlining the physical (PHY) layer vulnerabilities of 5G NR, including radio jamming (the deliberate jamming, blocking or creating of interference with an authorized wireless network), radio sniffing (a technique that helps to decode all sorts of essential network configuration details easily) and RF spoofing (transmitting a fake signal meant to pretend to be an actual signal).


Network product class description for the gNB
Vulnerability and Threats related to Control plane and User plane in the network
• Control plane data confidentiality protection
• Control plane data integrity protection
• User plane data confidentiality protection at gNB
• User plane data integrity protection
• AS algorithm selection and use
• Bidding down on Xn-Handover
Threats related to UDM assets
• Incorrect SUCI de-concealment
• Synchronization failure
• Failure to store the authentication status
Vulnerability and threats specific to the AUSF
Threats related to authentication procedures
Assets and threats specific to the SEPP
Threats related to cryptographic material in the SEPP
• Misusing cryptographic material of peer SEPPs and IPX providers
• Misusing cryptographic material beyond connection-specific scope
Threats related to error handling in the SEPP
• Incorrect handling for PLMN ID mismatch
• Incorrect handling for protection policies mismatch
Threats related to sensitive information exposure
• Weak JWS algorithm
• Exposure of confidential IEs in N32-f message
Threats related to NRF authorization
• No slice specific authorization for NF discovery
Threats related to NEF assets
• No authentication on application function
• No authorization on northbound APIs
Threats related to SMF assets
• Priority of UP security policy
• TEID uniqueness failure
• Charging ID Uniqueness failure
• UP security policy check
Assets and threats specific to the AMF
Threats related to AKA procedures
• Resynchronization
• Failed Integrity check of Initial Registration message
• RES* verification failure
Threats related to security mode command procedure
• Bidding Down
• NAS integrity selection and use
• NAS NULL integrity protection
• NAS confidentiality protection
Threats related to security in Intra-RAT mobility
• Bidding down on Xn-Handover
• NAS integrity protection algorithm selection in AMF change
Threats related to release of non-emergency bearer
Threats related to initial registration procedure
• Invalid or unacceptable UE security capabilities
Threats related to 5G-GUTI allocation
• Failure to allocate new 5G-GUTI
Assets and threats specific to the UPF
• Threats related to user plane data transport
• Threats related to signalling data
• Threats related to TEID


I hope this information helps.