Exploiting DCI Leakage: A Stealthy 5G Uplink Jamming Attack Using Compromised UE
- Authors: Alaimo, R.; Tinnirello, I.; Garlisi, D.
- Publication year: 2025
- Type: Conference proceedings contribution published in a volume
- OA Link: http://hdl.handle.net/10447/690723
Abstract
The increasing dependence of modern society on wireless technologies has highlighted new vulnerabilities in next-generation networks such as 5G. Jamming is one of the most critical threats that can efficiently compromise a physical channel, even though the data transmitted on those channels are encrypted. This work investigates the vulnerabilities of the Physical Uplink Shared Channel (PUSCH) in 5G New Radio (NR), showing the feasibility of a stealthy jamming attack that takes advantage of a compromised User Equipment (UE). The core of the approach is a reactive and user-selective jammer that exploits Downlink Control Information (DCI) data leaked from a backdoored UE to interfere, in frequency and time, with the resources allocated on the Uplink (UL) slots assigned to that device. By injecting white noise into the targeted PUSCH resources, the system remains undetectable while progressively degrading link performance. We implement our methodology within a reproducible and fully open-source 5G-NR testbed environment, integrating and extending the software stacks srsRAN4G, Open5GS, and free5GRAN, along with Ettus USRP B210 devices. Experimental results demonstrate that the proposed approach, synchronized with the same 5G-NR cell, can degrade UL throughput, eventually causing excessive retransmissions and leading to a radio link failure, followed by a resource control release. This highlights the limitations of existing 5G security strategies at the physical and MAC layers, showing that DCI encryption alone is not enough to ensure communication resilience. The results emphasize the importance of secure-by-design mechanisms in next-generation mobile network deployments and UE hardware.