Talk to a security specialist
Field reports, security research, and technical analysis from our work auditing telecom networks
SCTP-Hijacker tears down the legitimate gNB–AMF association with a forged ABORT, then rebuilds it from the attacker's own host using SCTP multihoming and a crafted NGAP Setup Request — impersonating the base station outright. Validated on a commercial 4G network.
5G's SUCI was supposed to retire the IMSI Catcher. We bought SIM cards over the counter in Madrid, Berlin and London, set up a portable fake 5G network in a Faraday cage, and proved the promise does not hold. Four operators tested, four vulnerable.
.png)
