A team of researchers has identified nearly a dozen vulnerabilities in 5G, demonstrating that the latest generation of mobile networks may not yet deliver the security improvements many expected.
Researchers from the University of Iowa and Purdue University were able to carry out a variety of troubling attacks against 5G implementations.
Examples of the attacks they demonstrated include tracking a user’s location, broadcasting fake emergency alerts, and disconnecting devices from the 5G network.
As 5G networks expand rapidly and are increasingly relied upon for critical applications—such as remote healthcare, industrial automation, and smart city infrastructure—robust security should be a top priority for standards bodies and implementers.
In their paper, the researchers argue that the 5G protocol “lacks a formal specification and hence is prone to ambiguity and underspecification.” They further contend that the current standard often expresses security and privacy requirements only in abstract terms, without sufficient detail to ensure consistent, secure implementations.
The paper also criticizes the test suites used for standards conformance, stating these suites cover only “primitive security requirements lacking both completeness and the consideration of adversarial environments.” In short, the tests may fail to capture many realistic attack scenarios.
Building an adversarial environment
To demonstrate the gaps they identified, the researchers constructed an adversarial test environment. They set up a fake 5G base station and developed a tool called 5GReasoner to probe protocol behaviors and interactions.
Using that environment, they executed the attacks described above, including a denial-of-service (DoS) attack that could take a smartphone offline by disrupting its connection to the network.
One particularly alarming attack involved the broadcast of a false emergency message. The researchers noted that a malicious emergency alert could trigger widespread confusion and panic, analogous to the mistaken ballistic missile alert that caused chaos in Hawaii.
Responsible disclosure practices were followed: the researchers did not publish exploit code or detailed instructions that would enable attackers to replicate the attacks, and they have informed the GSM Association about their findings.
A spokesperson for the GSM Association told TechCrunch that the reported vulnerabilities are “judged as nil or low-impact in practice,” a characterization that may provide limited reassurance to those concerned about potential real-world consequences.
These findings underscore the need for clearer, more rigorous protocol specifications, stronger security requirements within standards, and more comprehensive, adversary-aware conformance testing. As 5G becomes central to increasingly sensitive services and infrastructure, addressing these issues is essential to ensure the safety, privacy, and reliability of the networks we depend on.