Table of Contents
Fetching ...

How Feasible are Passive Network Attacks on 5G Networks and Beyond? A Survey

Atmane Ayoub Mansour Bahar, Andrés Alayón Glazunov, Romaric Duvignau

TL;DR

<3-5 sentence high-level summary> This survey evaluates how feasible passive network attacks (PNAs) are on 5G and beyond, focusing on information extraction and geolocation threats. It collects 41 representative studies, categorizes attacks by input type (packet sequences, flows, control-plane/physical-layer data), and analyzes feasibility under 5G/B5G constraints such as encryption and beamforming. The analysis shows that broadly applicable, payload- or flow-based PNAs are largely infeasible in 5G, while a subset of control-plane and RF-side-channel attacks remain possible but require significant expertise and equipment. The findings imply that 5G and especially B5G/6G shift adversaries toward specialized, hardware-intensive, privacy-risk channels, informing defense strategies and standards development.

Abstract

Privacy concerns around 5G, the latest generation of mobile networks, are growing, with fears that its deployment may increase exposure to privacy risks. This perception is largely driven by the use of denser deployments of small antenna systems, which enable highly accurate data collection at higher speeds and closer proximity to mobile users. At the same time, 5G's unique radio communication features can make the reproduction of known network attacks more challenging. In particular, passive network attacks, which do not involve direct interaction with the target network and are therefore nearly impossible to detect, remain a pressing concern. Such attacks can reveal sensitive information about users, their devices, and active applications, which may then be exploited through known vulnerabilities or spear-phishing schemes. This survey examines the feasibility of passive network attacks in 5G and beyond (B5G/6G) networks, with emphasis on two major categories: information extraction (system identification, website and application fingerprinting) and geolocation (user identification and position tracking). These attacks are well documented and reproducible in existing wireless and mobile systems, including short-range networks (IEEE 802.11) and, to a lesser extent, LTE. Current evidence suggests that while such attacks remain theoretically possible in 5G, their practical execution is significantly constrained by directional beamforming, high-frequency propagation characteristics, and encryption mechanisms. For B5G and early 6G networks, the lack of public tools and high hardware cost currently renders these attacks infeasible in practice, which highlights a critical gap in our understanding of future network threat models.

How Feasible are Passive Network Attacks on 5G Networks and Beyond? A Survey

TL;DR

<3-5 sentence high-level summary> This survey evaluates how feasible passive network attacks (PNAs) are on 5G and beyond, focusing on information extraction and geolocation threats. It collects 41 representative studies, categorizes attacks by input type (packet sequences, flows, control-plane/physical-layer data), and analyzes feasibility under 5G/B5G constraints such as encryption and beamforming. The analysis shows that broadly applicable, payload- or flow-based PNAs are largely infeasible in 5G, while a subset of control-plane and RF-side-channel attacks remain possible but require significant expertise and equipment. The findings imply that 5G and especially B5G/6G shift adversaries toward specialized, hardware-intensive, privacy-risk channels, informing defense strategies and standards development.

Abstract

Privacy concerns around 5G, the latest generation of mobile networks, are growing, with fears that its deployment may increase exposure to privacy risks. This perception is largely driven by the use of denser deployments of small antenna systems, which enable highly accurate data collection at higher speeds and closer proximity to mobile users. At the same time, 5G's unique radio communication features can make the reproduction of known network attacks more challenging. In particular, passive network attacks, which do not involve direct interaction with the target network and are therefore nearly impossible to detect, remain a pressing concern. Such attacks can reveal sensitive information about users, their devices, and active applications, which may then be exploited through known vulnerabilities or spear-phishing schemes. This survey examines the feasibility of passive network attacks in 5G and beyond (B5G/6G) networks, with emphasis on two major categories: information extraction (system identification, website and application fingerprinting) and geolocation (user identification and position tracking). These attacks are well documented and reproducible in existing wireless and mobile systems, including short-range networks (IEEE 802.11) and, to a lesser extent, LTE. Current evidence suggests that while such attacks remain theoretically possible in 5G, their practical execution is significantly constrained by directional beamforming, high-frequency propagation characteristics, and encryption mechanisms. For B5G and early 6G networks, the lack of public tools and high hardware cost currently renders these attacks infeasible in practice, which highlights a critical gap in our understanding of future network threat models.
Paper Structure (40 sections, 3 equations, 7 figures, 5 tables)

This paper contains 40 sections, 3 equations, 7 figures, 5 tables.

Figures (7)

  • Figure 1: Eavesdropping on cellular communications at the edge.
  • Figure 2: Illustration of encrypted traffic classification from captured traces.
  • Figure 3: Publication year of selected key surveys covering PNAs.
  • Figure 4: Evolution of the network architecture from 4G to 5G.
  • Figure 5: Comparison between 4G, 5G, and B5G/6G.
  • ...and 2 more figures