Hacking 5G: From Radio Security to the APIs

5G networks are being opened up at every layer, and attackers are paying attention. On the radio interface, we assess what operators actually deploy: is encryption enabled? Is integrity protection enforced on signaling and user plane? Are null ciphers still accepted? How well is the network isolated from external access? These fundamentals still fail more often than you'd think.

The 5G core runs on cloud-native REST-based architectures where a single misconfigured network function can expose subscriber data or provide persistence into critical infrastructure. We demonstrate this live using our open-source 5GC API Pentest Burp Suite extension, which automates NF discovery, IMSI enumeration, credential extraction, and API fuzzing against a 5G core. OpenRAN disaggregates the radio access network into open interfaces between O-RU, O-DU, O-CU, and the RIC, creating attack surfaces that didn't exist in monolithic base stations. And now CAMARA, the industry initiative exposing network capabilities through standardized APIs, gives third parties access to device location, SIM swap, and number verification, with security models still maturing.

This talk walks through real assessments and attacks at each layer, from verifying radio protections to exploiting core APIs and examining how some endpoints could enable surveillance and fraud.


Sébastien Dudek, Penthertz

Sébastien Dudek is the founder of Penthertz, a French company specializing in wireless and hardware security. With over 15 years of experience in telecommunications security, he has published research on 5G security, Open RAN, baseband fuzzing, mobile network interception, and power-line communication vulnerabilities. He is the creator of RF Swift, an open-source SDR toolkit, V2G Injector/HomeplugPWN, 5GC API Pentest, and LoRa Craft among other security tools.

His clients include major automotive, defense and (aero)space companies, and his work spans from 2G through 5G security, OT/IoT device security, and critical infrastructure protection.