Abstract
5G networks are designed with advanced protections to counter interception, fraud, and denial-of-service attacks. But what happens when an attacker leverages legitimate protocol semantics to navigate beyond intended security boundaries? This talk presents a new class of attacks that exploit subtle flaws in the design and deployment of 5G user plane architecture.
Through hands-on evaluation across multiple commercial and open-source 5G cores, we demonstrate how trust assumptions in user-plane traffic can be broken—enabling communication with otherwise unreachable core systems. The findings expose limitations in current protections and call for a reexamination of user plane trust in 5G architectures.