{"id":221035,"date":"2025-08-27T01:16:57","date_gmt":"2025-08-27T06:16:57","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/08\/new-sni5gect-attack-crashes-phones-and-downgrades-5g-to-4g-without-rogue-base-station"},"modified":"2025-08-27T01:16:57","modified_gmt":"2025-08-27T06:16:57","slug":"new-sni5gect-attack-crashes-phones-and-downgrades-5g-to-4g-without-rogue-base-station","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/08\/new-sni5gect-attack-crashes-phones-and-downgrades-5g-to-4g-without-rogue-base-station","title":{"rendered":"New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-sni5gect-attack-crashes-phones-and-downgrades-5g-to-4g-without-rogue-base-station2.jpg\"><\/a><\/p>\n<p>\u201cAs opposed to using a rogue base station, which limits the practicality of many 5G attacks, SNI5GECT acts as a third-party in the communication, silently sniffs messages, and tracks the protocol state by decoding the sniffed messages during the UE attach procedure,\u201d the researchers said. \u201cThe state information is then used to inject a targeted attack payload in downlink communication.\u201d<\/p>\n<p>The findings build upon a prior study from ASSET in late 2023 that led to the discovery of 14 flaws in the firmware implementation of 5G mobile network modems from MediaTek and Qualcomm, collectively dubbed <a href=\"https:\/\/thehackernews.com\/2023\/12\/new-5g-modems-flaws-affect-ios-devices.html\" rel=\"noopener\" target=\"_blank\">5Ghoul<\/a>, that could be exploited to launch attacks to drop connections, freeze the connection that involves manual reboot, or downgrade the 5G connectivity to 4G.<\/p>\n<p>The Sni5Gect attacks are designed to passively sniff messages during the initial connection process, decode the message content in real-time, and then leverage the decoded message content to inject targeted attack payloads.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cAs opposed to using a rogue base station, which limits the practicality of many 5G attacks, SNI5GECT acts as a third-party in the communication, silently sniffs messages, and tracks the protocol state by decoding the sniffed messages during the UE attach procedure,\u201d the researchers said. \u201cThe state information is then used to inject a targeted [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1512],"tags":[],"class_list":["post-221035","post","type-post","status-publish","format-standard","hentry","category-mobile-phones"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221035","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=221035"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/221035\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=221035"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=221035"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=221035"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}