How Feasible are Passive Network Attacks on 5G Networks and Beyond? A Survey
Abstract
Privacy concerns around 5G, the latest generation of mobile networks, are growing, with fears that its deployment may increase exposure to privacy risks. This perception is largely driven by the use of denser deployments of small antenna systems, which enable highly accurate data collection at higher speeds and closer proximity to mobile users. At the same time, 5G’s unique radio communication features can make the reproduction of known network attacks more challenging. In particular, passive network attacks, which do not involve direct interaction with the target network and are therefore nearly impossible to detect, remain a pressing concern. Such attacks can reveal sensitive information about users, their devices, and active applications, which may then be exploited through known vulnerabilities or spear-phishing schemes. This survey examines the feasibility of passive network attacks in 5G and beyond (B5G/6G) networks, with emphasis on two major categories: information extraction (system identification, website and application fingerprinting) and geolocation (user identification and position tracking). These attacks are well documented and reproducible in existing wireless and mobile systems, including short-range networks (IEEE 802.11) and, to a lesser extent, LTE. Current evidence suggests that while such attacks remain theoretically possible in 5G, their practical execution is significantly constrained by directional beamforming, high-frequency propagation characteristics, and encryption mechanisms. For B5G and early 6G networks, the lack of public tools and high hardware cost currently renders these attacks infeasible in practice, which highlights a critical gap in our understanding of future network threat models.
I Introduction
Privacy protection [senivcar2003privacy] has become an increasingly important concern in the past decade, reinforced by the advent of the General Data Protection Regulation (GDPR) and similar legislation. In particular, there is growing concern that 5G [kaska2019huawei, ahmad2019security], the latest generation of mobile networks, is more vulnerable to privacy risks and eavesdropping (see Fig. 1 for an illustration). This belief is largely driven by the denser deployment of small antenna systems positioned closer to mobile users, which enable faster, more accurate data transmission with lower latency [gadgethacksMajorPrivacy, rabine2022rise, tomasin2021location, acsGivesGovernment]. At the same time, through beamforming and massive MIMO (Multiple Input Multiple Output), 5G’s New Radio communications are much more directional than in previous generations, which makes the reproduction of known attacks significantly more challenging in this environment [mezzavilla2018end]. Consequently, it remains unclear whether 5G and beyond 5G (B5G/6G) networks pose greater or lesser privacy risks compared with other forms of wireless communication and earlier cellular standards.
In parallel, the volume of data generated by internet-connected devices has sharply increased. Combined with greater data availability and advances in machine learning (ML) technologies, this growth enables the identification of individual mobile users and their behaviors with high accuracy [reed2016leaky, reed2017identifying, conti2018dark, acar2020peek, meneghello2020smartphone]. Such information mining increasingly relies on subtle user data, particularly encrypted network traces. These traces, which act as a side-channel of wireless communication, are continuously produced, difficult to control, and therefore an attractive target. Analyzing them, a process referred to as network trace analysis, enables the design of entirely passive attack schemes, which do not require any interaction with the attacked network. Because these attacks only extract information from network logs, they are practically impossible for victims to detect. Nevertheless, they can create serious security risks, as the extracted information may be exploited to target known or even zero-day vulnerabilities in software or network protocols. Even more concerning is that such passive attacks are relatively easy to set up, potentially enabling individuals without advanced networking expertise to acquire private information about victims. This opens the door to spear-phishing schemes, such as sending fake job offers after detecting traffic from a job-seeking application, proposing fraudulent medical treatments, or even attempting direct blackmail based on visited websites [miller2014know].
Challenges for attackers
The main objectives of packet trace analysis include traffic classification (see Fig. 2 for an illustration), user identification and localization, website fingerprinting, application recognition, and data-content inference. In general, acquiring information from side-channel data alone is inherently difficult. When communication is encrypted at the link layer, information extraction becomes even more challenging. Eavesdropping on cellular communications is particularly demanding, not only because of such encryption but also because of the limited availability of commercially sold capture interfaces, the scarcity of open-source tools, the noisier characteristics of wireless channels, and the higher variability of network traces.
Motivations for this survey
Packet trace analysis over encrypted communication channels poses serious societal challenges. This work surveys the current landscape of existing and potential Passive Network Attacks (PNAs), with the aim of informing the design of countermeasures before such attacks are widely deployed. A careful study of these possible attacks can also encourage the early adoption of necessary updates in wireless protocols and standards. The primary motivation of this survey is to provide a clearer understanding of privacy concerns in 5G and B5G networks [khan2018defeating, norrman2016protecting], thereby addressing public apprehension surrounding their deployment. By offering a qualitative analysis of privacy risks, this work seeks to reduce popular concerns about new wireless technologies, which in turn can help increase public acceptance and accelerate the development and deployment of both current and future network generations.
Contributions
By surveying 41 works from the literature, this work investigates the feasibility of PNAs on 5G and B5G networks. Particular emphasis is placed on information extraction related to users’ devices (e.g., system identification, website fingerprinting, and application fingerprinting) and on users’ geographical position [yang2016passive] (e.g., device tracking). The survey primarily considers attacks that have already been demonstrated in wireless networks, either in short-range technologies or in LTE cellular systems. However, it remains unclear whether these attacks can be easily adapted to 5G, since the new radio characteristics of 5G enable highly directional communication compared with earlier generations, requiring attackers to be in close proximity to their targets for effective eavesdropping [lautenbach2019preliminary]. It is also uncertain whether they will transfer to B5G, which builds upon the capabilities of today’s 5G environments [gsmaintelligenceTechnologyWhite]. To the best of our knowledge, this survey is the first to provide a comprehensive evaluation of the feasibility of passive network attacks in 5G and B5G communications, and it contributes to clarifying public concerns about potential weaknesses in privacy protection in these networks.
Plan
Section II introduces key concepts and surveys related work as well as previous studies on PNAs in mobile networks. Section III provides an overview of PNAs, while Section IV discusses the main characteristics and distinguishing features of 5G communications. Section V presents a taxonomy of PNAs, categorizing attacks by their targets and required capabilities. Section VI is our core contribution: a detailed review of prior attack schemes and an assessment of their feasibility in 5G and B5G environments. Finally, Section VII concludes the paper and outlines directions for future work.
II Background and Related Work
We present in this section definitions of important concepts and a literature review of related surveys on PNAs.
II-A Preliminaries & Glossary
We show here a brief breakdown of different attacks, principal targets of the attackers, and aims of network administrators that are tackled in this work.
Types of Attacks
• Passive Network Attacks: Attacks that monitor or intercept network traffic without altering it, aiming to gather information covertly. Their counterpart, “active network attacks”, involve interaction with the network and can therefore be detected, e.g., by Intrusion Detection Systems.
• Communication side-channels: Exploitation of indirect information to infer sensitive data without direct access to content. When the main channel is encrypted, packet traces form an exploitable side-channel (e.g., packet sizes and timestamps). Other possible side-channels on mobile devices include energy consumption and voltage.
• Traffic Analysis: The observation and examination of network traffic patterns to deduce communication behaviors, relationships, or identities.
• Eavesdropping: The unauthorized interception of private communications, such as listening to voice calls or reading transmitted data.
Attacker Targets
• Website Fingerprinting (WF): Inferring which website a user is visiting by analyzing encrypted traffic patterns. It usually requires the attacker to build a database of fingerprints of, e.g., the 200 most popular websites, against which captured traffic is matched.
• Video Fingerprinting (VF): Identifying specific video content being streamed by examining traffic features such as bitrate or packet timing. As for WF, a database of fingerprints is usually required.
Tools of Network Administrators
• Traffic Classification (TC): Categorizing network flows (we define a “flow” as a structured aggregation of packets that belong to the same communication session or connection), e.g., as VoIP, web, or streaming, to enforce policies, optimize routing, or detect anomalies using observed traffic characteristics, which vary depending on whether the traffic is encrypted or not.
• Deep Packet Inspection (DPI): The traditional method of inspecting payload data for security, policy enforcement, or traffic shaping.
• Quality of Service (QoS): Ensuring reliable network performance by prioritizing critical traffic and managing bandwidth allocation.
Table I: Related surveys, their scope, their coverage of PNAs, and whether they consider 5G or B5G/6G.

Survey | Scope / Focus | Coverage of PNAs | Consider 5G | Consider B5G/6G
Rahbari et al. [rahbari2015secrecy] | Passive/active SCA (wireless communications) | General PNA concepts; not specific to cellular | No | No
Spreitzer et al. [spreitzer2017systematic] | Taxonomy of mobile SCA (power, EM, network) | Mentions PNAs, not the focus | No | No
Conti et al. [conti2018dark] | Network TA for mobile users | Mostly Wi-Fi and AP/device assumptions | No | No
Salman et al. [salman2020review, salman2021data] | ML-based TC | Indirectly; assumes access to the TCP/IP stack | No | No
Kumar et al. [kumar2021smartphone] | Smartphone TA | User/system behavior; malware focus | No | No
Papadogiannaki & Ioannidis [papadogiannaki2021survey] | Encrypted TA (techniques/countermeasures) | Broad categories (website, app, OS, PII) | No | No
Cao et al. [cao2019survey] | Security aspects of 5G | No focus on PNAs | Yes | No
Khan et al. [khan2019survey] | Privacy threats in 5G | High-level only; no PNAs | Yes | No
Sandeepa et al. [Sandeepa_2022] | Privacy in B5G (identity, location, authentication, regulation) | No PNA analysis | No | Yes
Ramezanpour et al. [ramezanpour2022securityprivacyvulnerabilities5g6g] | 5G/6G and Wi-Fi 6 coexistence | Mentions SCAs; no feasibility analysis | Partial | Yes
Harvanek et al. [s24175523] | Physical-layer security threats (4G/5G) | Signal-level eavesdropping only | Yes | No
Wani et al. [wani2024security] | 5G NSA vulnerabilities (based on 4G attacks) | Focus on cataloging attacks; little on PNAs | Yes (NSA) | No
Saeed et al. [saeed2025comprehensive] | 6G security threats (layered taxonomy) | Mentions passive threats; no PNA feasibility | No | Yes
Devi et al. [DEVI2025100891] | Physical-layer security mechanisms (5G/6G) | Acknowledge eavesdropping, not PNAs | Yes | Yes
Our work | Feasibility of PNAs in 5G/B5G | Explicit, detailed analysis | Yes | Yes

Abbreviations: SCA = Side-Channel Attacks, TA = Traffic Analysis, TC = Traffic Classification, AP = Access Point, PII = Personally Identifiable Information.
II-B Recent Traffic Analysis Surveys
Several surveys on traffic analysis have been published in recent years (see Fig. 3 for a timeline). Many of these [rahbari2015secrecy, spreitzer2017systematic, conti2018dark, salman2021data, kumar2021smartphone, papadogiannaki2021survey] address different aspects of side-channel-based attacks. None of them, however, examines the feasibility of adapting known passive attacks to 5G networks.
Rahbari et al. [rahbari2015secrecy] describe various passive (traffic analysis) and active (jamming) attacks based on side-channel information extraction from wireless communications. The authors argue that one cannot encrypt link-layer headers. Due to the large overhead associated with obfuscating packet streams, they advocate for physical-layer security techniques complementing packet payload encryption. While the work considers MIMO systems, it does not examine 5G or its radio-specific characteristics.
In [spreitzer2017systematic], Spreitzer et al. classify side-channel attacks in mobile networks. Their taxonomy covers all types of side-channel attacks, such as power analysis and electromagnetic measurements, not only network-related passive attacks. Attacks are categorized along two axes: whether they are active or passive, and the degree of invasiveness of the attacker. Since all side-channel attacks are included, passive network attacks are not the focus, and the classification does not take into account the specificities of cellular networks.
Conti et al. [conti2018dark] survey the state of the art in network traffic analysis for mobile users. The reviewed literature is categorized by (i) the goal of the analysis, (ii) the point where network traffic is captured (e.g., at the Access Point (AP) or on the device), (iii) the targeted mobile platform (e.g., Android or iOS), and (iv) applicability beyond traffic encryption (e.g., SSL/TLS or IPsec). The vast majority of capture points are either at the AP (assuming attackers have AP access or can eavesdrop identical traces), on the devices (assuming malware infection), or through wired, simulated, or emulated environments. In the context of eavesdropping cellular communication, none of these assumptions hold, and unstable wireless channels must be taken into account. Out of 60 surveyed works, only four [musa2012tracking, barbera2013signals, wang2015know, ruffing2016smartphone] assume monitoring of the network as the entry point, and all of them target Wi-Fi, which is considerably easier to eavesdrop than cellular communication.
Salman et al. [salman2020review, salman2021data] review machine learning methods for traffic classification. As most works focus on improving QoS, the surveyed approaches usually assume access to the full TCP/IP stack, with only the application payload encrypted. In [shi2021online], Shi et al. propose early traffic classification for mobile applications, but the assumed input is at the flow level, making it more relevant to network management policies than to passive attackers.
Kumar et al. [kumar2021smartphone] survey smartphone traffic analysis, dividing attacks into two categories: analysis of user behaviors (e.g., website fingerprinting, user fingerprinting, user action identification) and system identification (e.g., PII leakage, application, or OS identification). Their focus is on methods for malware detection, without attention to the type of underlying network.
Papadogiannaki and Ioannidis [papadogiannaki2021survey] survey applications, techniques, and countermeasures of traffic analysis over encrypted network traces. The work investigates whether traditional traffic processing systems can adapt to widespread encryption and explores alternatives to DPI for performance and QoS optimization. The surveyed works are classified by identification type (e.g., website, application, device, OS, PII, or location leakage), dataset availability, techniques used, and performance metrics. As with earlier surveys, the type of wireless communication is not considered.
Cao et al. [cao2019survey] examine security aspects of 5G, but do not evaluate the feasibility of known PNAs. Khan et al. [khan2019survey] provide a high-level overview of potential privacy breaches in 5G, yet without analyzing practical traffic analysis techniques or assessing whether Wi-Fi or LTE attacks can be extended to 5G.
Other works have addressed 5G and B5G security more broadly. Sandeepa et al. [Sandeepa_2022] present a survey of privacy issues in B5G, focusing on identity and location leakage, authentication, and regulation. Although comprehensive in taxonomy, it does not cover passive traffic analysis or side-channel exploitation. Ramezanpour et al. [ramezanpour2022securityprivacyvulnerabilities5g6g] survey security and privacy challenges at the intersection of 5G/6G and Wi-Fi 6, with emphasis on coexistence scenarios. While acknowledging side-channel risks, they do not assess whether known PNAs, such as fingerprinting or tracking, can be reproduced under 5G conditions.
More recent contributions include Harvanek et al. [s24175523], who provide a comprehensive survey of physical-layer security threats in 4G and 5G. Their analysis emphasizes jamming, spoofing, and signal-level eavesdropping, including rogue base station detection and Software-Defined Radio (SDR) testbeds (an SDR is a radio device that can switch between different wireless communication standards in software, without needing new hardware [akeela2018software]). However, they do not consider passive metadata-based attacks such as traffic fingerprinting. Wani et al. [wani2024security] provide a taxonomy of 5G Non-Standalone (NSA) vulnerabilities by surveying known 4G attacks and showing how they apply to current 5G NSA deployments. Their study spans both active and passive threats, and they experimentally validate a few exploits (such as an IMSI-leak tracking attack) on commercial smartphones. However, they catalog these threats only for the NSA architecture. They note that even basic 5G traffic sniffing is challenging with today’s tools, and they do not investigate modern metadata-analysis attacks such as encrypted traffic fingerprinting or detailed geolocation in practical 5G networks.
Saeed et al. [saeed2025comprehensive] present a layered survey of 6G threats across the physical, connection, and service layers. Passive threats such as eavesdropping are included, but only at a conceptual level, without analysis of feasibility or SDR-based demonstrations. Devi et al. [DEVI2025100891] review physical-layer security techniques for 5G/6G, including artificial noise, cooperative relaying, and intelligent reflecting surfaces. While acknowledging eavesdropping risks, they do not analyze practical PNAs or side-channel exploitation.
Table I summarizes key surveys on traffic analysis and privacy/security in wireless networks, highlighting their scope, coverage of PNAs, and consideration of 5G or B5G/6G environments. As shown, while several surveys address side-channel attacks or encrypted traffic analysis, none provide a detailed evaluation of the feasibility of known PNAs in 5G or beyond 5G networks. In contrast, our work explicitly focuses on this gap, offering a systematic assessment of how previously demonstrated passive attacks could be applied or adapted to modern cellular networks, thereby bridging the gap between prior studies and the emerging privacy challenges in 5G and B5G contexts.
III Overview of Passive Network Attacks
In this section we give a brief overview of PNAs. Packet trace analysis has been used in recent years to demonstrate how these attacks can infer detailed user-related information by eavesdropping on encrypted communications. These attacks can reveal the user’s operating system and browser version, websites visited, running applications, and even the specific video content being streamed. Such analyses rely on metadata from captured network traces, typically encrypted, which makes the attacks difficult to detect. These traces can be collected at different layers of the protocol stack (e.g., data-link, network, or application layer) and from various network vantage points, e.g., via Wi-Fi eavesdropping, within Tor, or through device-level logging after privilege escalation. (Tor, The Onion Router, is a low-latency anonymity network that routes user traffic through multiple volunteer-operated relays, encrypting it in layers, “onion routing”, to conceal the user’s IP address and communication patterns from network observers.) In all cases, these attacks highlight the inherent leakage of side-channel information even when payload data is fully protected.
III-A Network Traffic Analysis and Passive Network Attacks
Packet trace analysis is a class of side-channel attacks [spreitzer2017systematic] that exploits metadata (such as packet sizes, arrival times, and flow direction) to infer sensitive information, even when traffic is encrypted at the transport or application layer (e.g., via HTTPS). PNAs rely entirely on metadata without requiring interaction with or modification of packets.
Classic ML methods such as k-Nearest Neighbors (kNN), Support Vector Machines (SVM), and Random Forests (RF) have been widely applied. For example, Reed et al. [reed2016leaky, reed2017identifying] demonstrated high-accuracy video fingerprinting over encrypted DASH traffic using kd-tree classifiers, including for Netflix streams. Taylor et al. [taylor2016appscanner, taylor2017robust] proposed AppScanner to identify 110 Android apps over encrypted HTTPS traffic with up to 99% accuracy, while Wang et al. [wang2015know] used RF classifiers to identify smartphone applications. More recently, deep learning (DL) approaches (including CNNs, LSTMs, and hybrid architectures) have achieved similar or higher accuracy for mobile and encrypted traffic classification [aceto2019mobile, aceto2020toward, rezaei2019large, d2021network]. These studies generally assume access to flows with bidirectional metadata.
Some works consider packet-level sequences with minimal visibility. For instance, Acar et al. [acar2020peek] inferred smart home device actions from Wi-Fi, ZigBee, and BLE traffic using only packet timing and size, while Meneghello et al. [meneghello2020smartphone] applied sequence-to-sequence learning over LTE PDCCH traffic for smartphone identification. Shapira et al. [shapira2019flowpic] and Montieri et al. [montieri2021packet] explored unsupervised and DL-based traffic classification at the flow or packet level.
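The following Python script is an added worked example (not code from any of the works cited above) of the metadata-only pipeline just described: it synthesizes encrypted page loads for three made-up site profiles as (time, direction, size) triples, extracts only the side-channel features an eavesdropper sees (packet counts, bytes per direction, downlink burst count, duration), and fingerprints unseen traces with a k-nearest-neighbours classifier. The last step interleaves a page load with an unrelated concurrent flow, the noisy condition that Section III-B raises for cellular captures, and shows that the classifier then attributes the trace to the dominant flow. All traces, site profiles and packet sizes are constructed for the example.

```python
"""Website fingerprinting from encrypted-traffic metadata (added example, constructed data)."""
from collections import Counter
import math
import random

# A packet is (time_s, direction, size_bytes); direction +1 = uplink, -1 = downlink.
# Constructed "site profiles": (objects per page, bytes per object). Not real measurements.
SITE_PROFILES = {"news": (12, 30_000), "bank": (4, 8_000), "video": (30, 120_000)}
MTU_PAYLOAD = 1400  # assumption: one ciphered record per MTU-sized packet


def synth_page_load(profile, rng, jitter=0.1):
    """Synthesize one page load: a small uplink request followed by a downlink burst per object."""
    n_objects, obj_size = profile
    t, pkts = 0.0, []
    for _ in range(n_objects):
        t += rng.uniform(0.01, 0.05)                      # think time before the next request
        pkts.append((t, +1, rng.choice([120, 140, 160])))  # encrypted request, size only
        remaining = int(obj_size * rng.uniform(1 - jitter, 1 + jitter))
        while remaining > 0:
            t += rng.uniform(0.001, 0.004)                 # inter-packet gap inside a burst
            size = min(MTU_PAYLOAD, remaining)
            pkts.append((t, -1, size))
            remaining -= size
    return pkts


def interleave(*traces):
    """Merge traces by timestamp, as an eavesdropper sees concurrent flows on one ciphered link."""
    return sorted(p for tr in traces for p in tr)


def features(trace):
    """The side-channel: only counts, sizes, directions and timings, never payload."""
    n_up = sum(1 for _, d, _ in trace if d > 0)
    bytes_up = sum(s for _, d, s in trace if d > 0)
    bytes_down = sum(s for _, d, s in trace if d < 0)
    bursts, prev = 0, +1            # a downlink burst = maximal run of consecutive downlink packets
    for _, d, _ in trace:
        if d < 0 and prev > 0:
            bursts += 1
        prev = d
    duration = trace[-1][0] - trace[0][0]
    return [len(trace), n_up, bytes_up, bytes_down, bursts, duration]


class KnnFingerprinter:
    """Nearest-neighbour matching against a fingerprint database of labelled feature vectors."""

    def __init__(self, k=3):
        self.k, self.db = k, []

    def fit(self, samples):
        self.db = [(features(tr), label) for tr, label in samples]
        cols = list(zip(*(f for f, _ in self.db)))
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [max(1e-9, math.sqrt(sum((x - m) ** 2 for x in c) / len(c)))
                    for c, m in zip(cols, self.mean)]
        return self

    def _scale(self, f):
        return [(x - m) / s for x, m, s in zip(f, self.mean, self.std)]

    def predict(self, trace):
        q = self._scale(features(trace))
        nearest = sorted((math.dist(q, self._scale(f)), label) for f, label in self.db)[: self.k]
        return Counter(label for _, label in nearest).most_common(1)[0][0]


def build_classifier(seed=1, per_site=5):
    """Build the fingerprint database from synthetic training loads; returns (classifier, rng)."""
    rng = random.Random(seed)
    train = [(synth_page_load(p, rng), site) for site, p in SITE_PROFILES.items() for _ in range(per_site)]
    return KnnFingerprinter(k=3).fit(train), rng


def clean_accuracy(clf, rng, per_site=3):
    """Accuracy on fresh, isolated (one flow at a time) page loads."""
    tests = [(synth_page_load(p, rng), site) for site, p in SITE_PROFILES.items() for _ in range(per_site)]
    return sum(clf.predict(tr) == site for tr, site in tests) / len(tests)


if __name__ == "__main__":
    clf, rng = build_classifier()
    print("accuracy on clean traces:", clean_accuracy(clf, rng))
    # Caveat: an unrelated concurrent flow (here a video stream) dominates the metadata,
    # so the news page load is attributed to the background flow instead.
    mixed = interleave(synth_page_load(SITE_PROFILES["news"], rng),
                       synth_page_load(SITE_PROFILES["video"], rng))
    print("news page with background video classified as:", clf.predict(mixed))
```

The features deliberately exclude anything that needs keys or headers; what makes the clean case easy is that the three constructed profiles differ by an order of magnitude, which real fingerprinting databases of hundreds of sites do not enjoy, and what breaks the mixed case is that no flow separation is possible once the link is ciphered.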
Key types of PNAs demonstrated across networks include:
• Website Fingerprinting (WF): Rimmer et al. [rimmer2017automated] achieved 96% accuracy in classifying visited websites over Tor using DL architectures such as stacked autoencoders, CNNs, and LSTMs. Juarez et al. [juarez2014critical] highlighted overfitting risks and practical challenges under real-world conditions. Most WF studies target Wi-Fi or VPN-encrypted traffic, with limited application to cellular networks.
• Video and App Fingerprinting (VF/AF): Reed et al. [reed2016leaky, reed2017identifying] and Dubin et al. [dubin2017know] used kd-tree or SVM classifiers to identify encrypted video streams or smartphone applications. Petagna et al. [petagna2019peel] extended this to Tor, demonstrating app identification despite multi-hop encryption.
• Smart Home and Behavioral Inference: Acar et al. [acar2020peek] and Aiolli et al. [aiolli2019mind] inferred device actions and cryptocurrency wallet activity from encrypted traffic. Conti et al. [conti2015can] and Muehlstein et al. [muehlstein2017analyzing] analyzed Android traffic to deduce user behavior and app usage patterns.
• De-anonymization in Privacy-Enhancing Networks: Karunanayake et al. [karunanayake2021anonymisation] surveyed passive attacks on networks like Tor, including fingerprinting, timing correlation, and traffic confirmation attacks, highlighting that anonymizing overlays do not fully prevent side-channel leaks.
Overall, these studies illustrate that sensitive information can be extracted from encrypted traffic without active intervention. While most prior work focuses on Wi-Fi, VPN, or LTE, the feasibility of applying these techniques to 5G and beyond remains largely unexplored, a gap that this survey aims to address.
III-B Passive Attacks on Cellular Networks
While passive attacks are well documented in Wi-Fi and anonymizing networks, their extension to cellular networks, including 3G and LTE/4G, has also been demonstrated with varying degrees of success. Stöber et al. [stober2013you] showed that even without payload access, user identification is possible over 3G and LTE networks by analyzing traffic patterns. Their work relied on timing and volume features, enabling fingerprinting of smartphone users based solely on metadata. Similarly, Meneghello et al. [meneghello2020smartphone] applied DL (1D-CNN) to LTE control channel data (PDCCH) and demonstrated accurate fingerprinting of specific smartphones using only physical-layer side-channel features. Website fingerprinting over cellular links has also been shown to be effective. Kohls et al. [kohls2019lost] and Rupprecht et al. [rupprecht2019breaking] performed passive Layer 2 traffic analysis in LTE networks and successfully inferred visited websites by observing encrypted traffic at the RLC (Radio Link Control, the layer that handles segmentation, reassembly, error correction, and reliable delivery of data between the UE and the base station in LTE and 5G NR) and PDCP (Packet Data Convergence Protocol, the layer that provides header compression, encryption, integrity protection, and in-order delivery of user-plane and control-plane data in LTE and 5G NR) layers. These studies highlight that, despite encryption at upper layers, the structure and scheduling behavior of lower-layer traffic reveal enough to compromise user privacy. Khanna et al. [khanna2015remote] proposed remote device fingerprinting techniques based on passive measurement of MAC/IP behavior, clock skew, and network-layer metadata. Though not limited to LTE, their methods are particularly effective in mobile networks, where device-specific timing characteristics can be measured thanks to frequent reconnections or handovers.
Trinh et al. [trinh2020mobile] introduced an approach that uses LTE control channel features to classify the applications and services accessed by a device. Using DL models, they demonstrated that even control-plane metadata, such as resource allocation and scheduling information, can be exploited to infer sensitive information without touching the encrypted payload.
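As an added example in the spirit of the control-channel attacks above (it is not the method of any cited paper), the Python script below works from a constructed PDCCH-style scheduling log of (time in ms, C-RNTI, direction, transport block size) tuples and never sees a payload. It aggregates scheduled bytes per temporary identifier into a volume series, links the target to the identifier whose downlink cadence matches an assumed, known application pattern, and re-links per time window so that the chain survives a C-RNTI reassignment, which is the practical obstacle to tracking a user by radio identifier. It also derives the coarse per-identifier descriptors (grant count, downlink share) from which service classification on scheduling metadata starts. The RNTI values, the cadence and the log are hypothetical.

```python
"""Linking a target to its temporary radio identity from scheduling metadata (added example)."""
import math
import random
from collections import defaultdict

BIN_MS = 100                        # aggregation window for the volume series
PERIOD_MS, BURST_MS = 1000, 200     # assumed cadence of the target's app: 200 ms of downlink every 1 s

# Hypothetical C-RNTI values (constructed, not from any capture).
RNTI_TARGET_A, RNTI_TARGET_B = 0x4A2B, 0x6D07   # target before / after a reassignment at 5 s
RNTI_CHAT, RNTI_UPLOAD = 0x51C0, 0x3F11


def synth_dci_log(rng, n_ms=10_000, reassign_ms=5_000):
    """Constructed scheduling log: (time_ms, rnti, direction, transport_block_bytes) for three UEs."""
    log = []
    for t in range(n_ms):
        target = RNTI_TARGET_A if t < reassign_ms else RNTI_TARGET_B
        if t % PERIOD_MS < BURST_MS and rng.random() < 0.9:   # periodic streaming download
            log.append((t, target, "DL", rng.choice([12_000, 15_000, 18_000])))
        if rng.random() < 0.02:                                 # sparse messaging, both directions
            log.append((t, RNTI_CHAT, rng.choice(["DL", "UL"]), rng.choice([100, 300, 600])))
        if rng.random() < 0.8:                                  # bulk upload ...
            log.append((t, RNTI_UPLOAD, "UL", 4_000))
        if rng.random() < 0.3:                                  # ... with small downlink acks
            log.append((t, RNTI_UPLOAD, "DL", 100))
    return log


def volume_series(log, direction, t0, t1, bin_ms=BIN_MS):
    """Bytes scheduled per bin, for each RNTI seen in [t0, t1) in the given direction."""
    nbins = (t1 - t0) // bin_ms
    series = defaultdict(lambda: [0] * nbins)
    for t, rnti, d, tbs in log:
        if d == direction and t0 <= t < t1:
            series[rnti][(t - t0) // bin_ms] += tbs
    return dict(series)


def pearson(a, b):
    """Pearson correlation of two equal-length series (0.0 when either is constant)."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = math.sqrt(sum((x - ma) ** 2 for x in a))
    vb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return cov / (va * vb) if va and vb else 0.0


def expected_pattern(t0, t1, bin_ms=BIN_MS):
    """Indicator series (absolute time) of when the target's app is expected to be receiving."""
    return [1.0 if (t0 + b * bin_ms) % PERIOD_MS < BURST_MS else 0.0
            for b in range((t1 - t0) // bin_ms)]


def link_target(log, t0, t1):
    """Return (rnti, score) for the identifier whose downlink cadence best matches the expectation."""
    ref = expected_pattern(t0, t1)
    scores = {rnti: pearson(s, ref) for rnti, s in volume_series(log, "DL", t0, t1).items()}
    best = max(scores, key=scores.get)
    return best, scores[best]


def track_target(log, n_ms, window_ms):
    """Re-link in every window so the chain of identifiers survives a C-RNTI reassignment."""
    return [link_target(log, t0, t0 + window_ms)[0] for t0 in range(0, n_ms, window_ms)]


def rnti_profile(log, rnti):
    """Coarse per-UE descriptors for service classification: grant count and downlink byte share."""
    ul = sum(tbs for _, r, d, tbs in log if r == rnti and d == "UL")
    dl = sum(tbs for _, r, d, tbs in log if r == rnti and d == "DL")
    grants = sum(1 for _, r, _, _ in log if r == rnti)
    return {"grants": grants, "dl_share": dl / (ul + dl) if ul + dl else 0.0}


if __name__ == "__main__":
    log = synth_dci_log(random.Random(7))
    print("chain of RNTIs linked to the target:", [hex(r) for r in track_target(log, 10_000, 2_500)])
    for r in (RNTI_CHAT, RNTI_UPLOAD):
        print(hex(r), rnti_profile(log, r))
```

Run as a script, it prints the linked chain of identifiers and the per-UE profiles. The two assumptions that carry the attack are that the sniffer decodes grants for every RNTI in the cell and that the attacker knows the target application's download cadence in advance; neither holds for free on a real 5G NR cell.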
These LTE/4G-specific attacks serve as important baselines for understanding what passive analysis can achieve in mobile environments. However, extending these attacks to 5G introduces several new challenges.
Like LTE, 5G ciphers user-plane traffic at the PDCP layer; what changes for an eavesdropper is mainly the radio interface, where beamforming and massive MIMO make it significantly harder to capture usable traffic unless the attacker is aligned with the transmission beam. Furthermore, 5G traffic patterns are more dynamic, fragmented, and often multiplexed across services, making side-channel separation more complex. Norrman et al. [norrman2016protecting] and Khan et al. [khan2018defeating] studied user privacy threats from rogue base stations and demonstrated possible identity exposure during 5G synchronization. Capturing usable traces in 5G typically requires SDRs and specialized demodulation tools. Wei et al. [wei2016software], Duarte et al. [duarte2019software], and Vo-Huu et al. [vo2016fingerprinting] explored SDR-based fingerprinting and signal extraction methods, but 5G’s physical-layer complexity presents practical limitations. Additionally, concurrent application traffic causes flow interleaving, making separation and classification harder, especially since PDCP ciphering hides the flow boundaries that IP headers would otherwise reveal. Classifiers often assume clean data, an unrealistic expectation in 5G’s dynamic environment. Traffic also varies significantly across devices, complicating generalization: Aceto et al. [aceto2019mobile] and Ismailaj et al. [ismailaj2021deep] note that even state-of-the-art DL models underperform on noisy, mixed data or on new devices. Nevertheless, the increased deployment density of 5G small cells may inadvertently expose users to attackers within physical proximity, potentially making some forms of passive monitoring easier than in previous generations.
Remarks
The diversity and increasing sophistication of PNAs over encrypted traffic raise serious privacy concerns. While many of these attacks have been demonstrated successfully in Wi-Fi and LTE environments, their feasibility in 5G/B5G remains largely unexplored. This survey aims to evaluate to what extent known passive attacks, ranging from system fingerprinting to behavioral and location inference, can be realistically reproduced in 5G/B5G networks. However, performing such analysis in 5G/B5G poses significant challenges: encrypted link-layer traffic, spatially selective communication, limited availability of SDR tools, and the difficulty of acquiring clean, labeled data. These issues will be explored in depth in the following sections, where we assess the characteristics of 5G/B5G and the practical feasibility of each type of attack.
IV Characteristics of (B)5G communications
We present in this section the main characteristics of 5G and B5G networks and explore their implications for the feasibility of PNAs.
IV-A 5G New Radio standard
The 5G wireless technology is the basis of a new kind of wireless network that enables an omnipresent connectivity to virtually link everyone and everything including machines, objects, and devices. 5G wireless networks are built to deliver higher multi-Gbps peak data streams, ultra low latency, more reliability, vast network capacity, and improved availability, uniformly to more users [dahlman20205g].
5G New Radio (5G NR) is a new air interface deployed for 5G. NR provides forward compatibility within NR and interworks with LTE via NSA (EN-DC555EN-DC (E-UTRAN New Radio – Dual Connectivity.) is 5G NSA feature that allows a device to connect simultaneously to a 4G LTE eNodeB (anchor for control and signaling) and a 5G NR gNodeB (for additional high-speed data), combining both for higher throughput.), however, it is not air-interface backward-compatible with LTE. 5G NR has two broad deployment modes: NSA (EN-DC), where LTE anchors the control plane and NR primarily adds user plane capacity, and Standalone (SA), where NR carries both control and user planes on a 5G core. Operators may use Dynamic Spectrum Sharing (DSS) to run LTE and NR in the same band though this mode is optional and deployment-specific. As technology matures, the SA mode operates with the 5G core network and hence at both the control and user planes. In the SA mode, the 5G Packet Core architecture is fully used instead of the 4G Evolved Packet Core run in the 4G LTE network (see Fig. 4 for a summary.)
The foundational elements of 5G NR are the following. NR reuses Orthogonal Frequency Division Multiplexing (OFDM) and Cyclic Prefix OFDM (CP-OFDM) waveforms (also used in LTE and Wi-Fi), but it does not reuse Wi-Fi protocols. Namely, wave forms based on OFDM and multiple access techniques are optimized. A common flexible framework will enable efficient multiplexing of diverse 5G services and provide forward compatibility for future services. Advanced wireless technologies delivers new levels of performance and efficiency that enables the wide range of 5G services. 5G services are categorized into three pillars, namely enhanced Mobile Broadband (eMBB) delivering high throughput; ultra-reliable and Low-latency Communications (uRLLC) for high reliability and availability (not security); and massive Machine Type Communications (mMTC) for low-cost, low-energy devices with small data volumes at mass scale.
While the main enablers of 5G include larger bandwidths in the millimeter wave (mmWave) frequency bands, densification via small-cell HetNets, and massive MIMO with narrow beams [khwandah2021massive], in practice 5G capacity is delivered by a layered spectrum mix across low-, mid-, and mmWave bands, with mid-band carrying most of today’s load and mmWave supplying extreme peak rates where deployed. In addition, because Orthogonal Multiple Access (OMA) lacks the spectral efficiency needed to handle the foreseen unprecedented increase in data traffic, Non-Orthogonal Multiple Access (NOMA) has become a promising remedy (note, however, that NR does not standardize general power-domain NOMA in current releases). Furthermore, NR relies on Frequency Division Duplex (simultaneous uplink/downlink on separate bands) and Time Division Duplex (time-separated uplink/downlink). In-band full duplex on the same frequency is being studied but is neither required nor widely deployed, although some researchers advocate it for potential throughput gains.
IV-B Challenges of eavesdropping 5G communications
Eavesdropping on 5G communications is particularly challenging, as most passive attacks are designed against Wi-Fi-connected devices and only a few specifically target cellular networks. Unlike commodity 802.11 network cards, which can easily be switched to monitor mode to capture nearby traffic at the packet level, extracting a packet sequence (amount of transmitted data, traffic direction and timing information) from cellular communication usually requires demodulating and demultiplexing the physical layer. As far as we know, no commercially available device offers this capability, so an SDR is required. Open-source LTE passive tooling is well established, and while several 5G attacks have been demonstrated using adapted or partially open tools (e.g., srsRAN [srsranSrsRANProject] or OWL [rupprecht2019breaking]), to the best of our knowledge no complete, public end-to-end 5G passive monitoring stack is yet available. In particular, the signal captured by an eavesdropper may be unstable because of 5G beamforming, which increases directionality and reduces off-target radiation but is not a security mechanism: side lobes and multipath still leak energy. A well-equipped adversary may use antenna arrays and channel estimation to approximate the beam and passively recover traffic, though this remains technically demanding. We note that all tested attacks have been obtained on stable packet traces. Also, in over-the-air packet traces, ciphering at NR’s Packet Data Convergence Protocol (PDCP) layer makes it hard to separate individual flows without the keys. (PDCP is a sublayer of the LTE and 5G NR radio protocol stack that operates above the RLC layer and below the IP layer; it is responsible for header compression, ciphering, integrity protection, and in-order delivery of user-plane and control-plane data.) The consequence is that, when analyzing the captured packet bursts, noise from concurrent and unrelated applications is mixed into the same collected traffic.
Hence, classification methods must be capable of handling rather noisy traffic logs. On top of that, packet traces vary significantly from device to device, and data covering a wide range of products is often scarce. In addition, classification accuracy is noticeably reduced when an ML model trained on a given device or brand is applied to a different one, which makes scaling the experiments much harder. Finally, although this work focuses on passive attacks, it is worth noting that 5G mmWave communication is particularly vulnerable to targeted jamming during initial access and beam tracking; this vulnerability is largely mmWave-centric and scenario-dependent (sub-6 GHz NR behaves differently) [mezzavilla2018end].
IV-C Beyond 5G characteristics
Building on the innovations of 5G, the evolution toward Beyond-5G and early 6G architectures focuses on extending and enhancing 5G capabilities by supporting emerging service classes such as ultra-Massive Machine-Type Communications (u-mMTC), extremely enhanced Mobile Broadband (eX-eMBB), and 6G Ultra-Reliable Low-Latency Communications (6G-URLLC), while also pursuing sustainability, intelligence, and ubiquitous coverage [khalid2021advanced] (see Fig. 5 for a summary).
Key technical trends and architectural elements of B5G/6G include:
• Expansion into mmWave and THz Spectrum: Expansion into the mmWave and THz bands, coupled with (ultra-)massive MIMO and highly directional beamforming, is being investigated for terabit-class peak physical-layer data rates in B5G/6G; realizing such gains end-to-end will require new RF/antenna hardware and accurate channel/propagation models [giordani2020toward].
• Integration of AI/ML: B5G embeds AI-native mechanisms, enabling real-time resource control, predictive network slicing, and self-healing capabilities, which in turn implies a transition toward zero-trust security frameworks [tariq2020speculative].
• Edge Computing and Distributed Intelligence: Multi-access Edge Computing (MEC) is combined with Information-Centric Networking (ICN) to enable ultra-low latency while distributing data processing across dense, heterogeneous access points [9845700].
• Integration with Non-Terrestrial Networks (NTNs): Use of mmWave and THz bands, as well as satellite and aerial links, introduces non-stationary, directional transmissions and multi-modal connectivity, which necessitates novel channel models for propagation and path loss [3gppSatelliteComponents].
• Standardization and Roadmapping: Standardization efforts for B5G are underway through various international bodies.
  – 3GPP Release 18 (5G-Advanced) brings enhanced MIMO, RedCap for IoT, NTN support, and embedded AI/ML capabilities [mourad2020baseline].
  – B5G/6G efforts, led by initiatives such as Japan’s NICT, ETSI’s RIS/THz/ENI working groups, and ITU’s IMT-2030 roadmaps, focus on defining architectures that blend terrestrial, satellite, and intelligent-surface technologies [europaBeyond2024].
V Data Collection
We present in this section the data collection methodology and survey various works about PNAs in Wi-Fi, LTE, and cellular communications.
V-A Methodology and Selection criteria
To assess the practical feasibility of PNAs in 5G and B5G environments, we adopted a targeted selection strategy rather than an exhaustive enumeration of all existing attack literature. Our primary objective is not to catalog every theoretical variation of traffic analysis, but to identify distinct classes of attack vectors that have been proven effective in previous generations (Wi-Fi, LTE) and rigorously evaluate their reproducibility under 5G physical and protocol constraints.
We screened literature published over the last 12 years (2013–2025) to capture the evolution of attacks from the early 4G era to current 5G deployments. From an initial pool of hundreds of studies, we filtered for works that met the following inclusion criteria:
• Peer-Reviewed Validation: Only works published in reputable journals and conferences were considered, to ensure technical soundness.
• Impact and Relevance: We selected the top-cited papers per year that introduced novel methodologies (e.g., the first instance of video fingerprinting using variable bit rate, or the first deep learning-based website fingerprinting attack).
• Reproducibility: Priority was given to studies providing clear threat models and experimental setups (e.g., specific SDR hardware or dataset characteristics) essential for feasibility analysis.
• Threat Model: We focus in this study on two main types of PNAs: (i) packet trace analysis based on captured information, and (ii) passive localization or tracking of users.
This process resulted in a core set of 41 seminal works. This dataset represents the “state-of-the-art” in attack sophistication. By focusing on these high-impact exemplars, we can perform a deep-dive technical analysis of why specific mechanisms (e.g., packet size side-channels) succeed or fail in the face of 5G beamforming and encryption, providing a qualitative depth that a broader quantitative survey would lack.
V-B Selected passive network attacks
We detail below 41 selected works that form the basis of our analysis (see Table II for an overview):
| Year | Authors [ref.] | Outcome | Channel used | Protocol(s) / tool | Technique/ML used | Scale | Accuracy |
|---|---|---|---|---|---|---|---|
| 2013 | Barbera et al. [barbera2013signals] | Social rlt. ID | Link layer | Wi-Fi | Correlations | 460 users | N/A |
| 2013 | Stöber [stober2013you] | User ID | Link-layer | 3G LTE | kNN, SVM | 20 users | 90% |
| 2014 | Chen et al. [chen2014fingerprinting] | OS ID | Cellular uplink (L3) | Mobile ISP | Signature + DT | 2 mob. op. | 95% |
| 2015 | Wang et al. [wang2015know] | Application ID | Link-layer | 802.11a/b/g | RF | 20 apps | 94% |
| 2016 | Ruffing et al. [ruffing2016smartphone] | OS ID | WiFi (L2) | 802.11 frames | Statistical | 4 mob. plat. | 95% |
| 2016 | Saltaformaggio et al. [saltaformaggio2016eavesdropping] | Activity ID | WiFi/LTE (L3) | Encrypted traffic | Statistical + Heuristic | 35 app act. | 78% |
| 2016 | Taylor et al. [taylor2016appscanner, taylor2017robust] | Application ID | Network-layer | HTTPS/TLS | SVM (ML) | 110 apps | 99% |
| 2016 | Reed et al. [reed2016leaky] | Video ID | Link-layer | DASH | kd-tree | 25 videos | 90% |
| 2017 | Reed et al. [reed2017identifying] | Video ID | Network-layer | DASH (Netflix) | kd-tree | 42k videos | 99.5% |
| 2017 | Dubin et al. [dubin2017know] | Video ID | Network-layer | Youtube | 1-NN, SVM | 15k videos | 95% |
| 2017 | Muehlstein et al. [muehlstein2017analyzing] | OS, browser, app. ID | Transport-layer | HTTPS/SSL | SVM-RBF | 144 labels | 96% |
| 2017 | Rimmer et al. [rimmer2017automated] | Website ID | Network layer | ToR | SAE, CNN, LSTM | 100 websites | 96% |
| 2019 | Aceto et al. [aceto2019mobile] | Traffic ID | All L7-layers | All | DL | 45 apps | 83-93% |
| 2019 | Petagna et al. [petagna2019peel] | Android apps ID | Transport Layer | TCP (ToR) | k-NN, RF, SVM | 10 apps | 97% |
| 2019 | Shapira et al. [shapira2019flowpic] | Traffic ID | Flows (L4) | VPN / ToR | CNN | 7 types | 68-98% |
| 2019 | Rezaei et al. [rezaei2019large] | Mobile apps ID | Flows (L4) | UDP, TCP, HTTP(S) | CNN+LSTM | 80 mobile apps | 95% |
| 2019 | D’Angelo et al. [d2021network] | Traffic ID | Flows (L4) | 12+ protocols | CNN/LSTM+SAE+NN | 4 categories | 99% |
| 2020 | Acar et al. [acar2020peek] | SH activities ID | Link-layer | WiFi, ZigBee, BLE | kNN, RF, HMM, +a | 22 devices | 88-100% |
| 2020 | Meneghello et al. [meneghello2020smartphone] | Smartphone ID | LTE (L1) | PDCCH | 1D-CNN | 40 sim. users | 75-90% |
| 2020 | Aceto et al. [aceto2020toward] | Traffic ID | All L7-layers | All | DL | 45 apps | 83-93% |
| 2020 | Trinh et al. [trinh2020mobile] | App/Service ID | LTE (L2) | PDCCH | RNN, CNN, MLP, +a | 6 apps/3 serv. | 98% |
| 2020 | Wang et al. [wang2020automatic] | Application ID | Biflows (L4) | TLS | RNN+CNN | 80 apps | 93-99% |
| 2020 | Gijon et al. [gijon2020encrypted] | Traffic ID | LTE (L4) | CTR | AHC | 8 labels | N/A |
| 2021 | Montieri et al. [montieri2021packet] | Pkt. ID | Biflows (L4) | TCP | CNN, RNN, CompNN | 16 labels | N/A |
| 2021 | Zhao et al. [zhao2021optimized] | Traffic ID | Transport Layer | N/A | K-means | 11 labels | 88% |
| 2023 | Cheng et al. [cheng2023watching] | VoLTE ID | LTE/5G (L2/L3) | srsRAN | Eavesdropping | 60h traffic | 100% |
| 2023 | Budykho et al. [budykho2023fine] | Entity ID | 5G RRC (L3) | TrackDev [githubGitHubFmsectrackdev] | Trackability analysis | users | N/A |
| 2023 | Xiong et al. [xiong20235g] | User act. ID | 6G UAV (L3) | GTP/IP over 6G | CNN | Small testbed | N/A |
| 2023 | Björklund et al. [10060390] | Video ID | L3-L4 | TLS over TCP/TLS | k-d tree | 1000+ videos | 99% |
| 2024 | Wan et al. [wan2024nr] | RAN telemetry ID | 5G NR (L1) | PDCCH/DCI | Decoding RRC | 3 5G SA RAN | 99% |
| 2024 | Wani et al. [wani2024security] | IMSI ID | 5G NSA (L1–L3) | LTE RRC / NAS | Passive sniffing | 8 smartphones | N/A |
| 2024 | Marañón et al. [10823417] | Enc. app ID | 5G bursts (L3-L4) | Passive pkt. capture | kNN, RF, LSTM | 8 mobile apps | |
| 2025 | Jawne et al. [jawne2025ai] | 5G devices ID | 5G NR RF (L1) | SDR testbed | ResNet | 4 UEs | 100% |
| 2025 | Zhang et al. [zhang2025passive] | User act. ID | PUCCH (L1) | 3GPP 5G NR | RF, SVM, k-NN | 5 smartphones | 100% |
| 2025 | Björklund et al. [usenixEndangeredPrivacy] | Video ID | Video streams (L3-L4) | VPN/Wi-Fi | k-d tree | 240,000 videos | 99.5% |
| 2015 | Ateniese et al. [ateniese2015no] | Location TR | WiFi/Cellular (L3) | TLS | RF, k-NN | 100+ locations | 90-95% |
| 2016 | Yang et al. [yang2016passive] | Passive TR | Link-layer | Wi-Fi | 1-NN | 5 test points | N/A |
| 2019 | Kohls et al. [kohls2019lost] | User ID, TR | LTE/4G (L2) | RLC/PDCP | k-NN | 50 websites | 92-95% |
| 2019 | Rupprecht et al. [rupprecht2019breaking] | Website ID, TR | LTE/4G (L2) | RLC/PDCP | k-NN | 50 websites | 89% |
| 2022 | Kotuliak et al. [kotuliak2022ltrack] | UE TR | LTE (L1) | SDR sniffer | Time measurement | 17 phones | 90% |
| 2023 | Ludant et al. [ludant20235g] | User pres. TR | 5G (L1) | PDCCH/DCI | DCI decoding | Single 5G cell | 94% |
Problems: ID = identification, TR = tracking, SH = smart home, enc. = encrypted, rlt. = relationship, sim. users = simulated users, pkt. = packet, app act. = application activities, mob. op. = mobile operator, mob. plat. = mobile platform, user pres. = user presence, UE = user equipment, IMSI = International Mobile Subscriber Identity.
Machine Learning: kNN = k-Nearest Neighbors, SVM = Support Vector Machine, RBF = Radial Basis Function, DT = Decision Trees, RF = Random Forests, HMM = Hidden Markov Model, AHC = Agglomerative Hierarchical Clustering.
Deep Learning: MLP = Multilayer Perceptron, RNN = Recurrent Neural Network, CNN = 1D- and 2D-Convolutional Neural Network, DNN = Deep Neural Network, LSTM = Long Short-Term Memory, AE = AutoEncoder, SAE = Stacked AutoEncoder, SDAE = Stacked Denoising AutoEncoder, bi-GRU = Bidirectional Gated Recurrent Unit, CompNN = Composite Neural Networks, ResNet = Residual Neural Network.
Radios & Networks: RF = Radio Frequencies, RLC = Radio Link Control, RRC = Radio Resource Control, RAN = Radio Access Network, PDCP = Packet Data Convergence Protocol, PUCCH = Physical Uplink Control Channel, PDCCH = Physical Downlink Control Channel, CTR = Cell Traffic Recording, DCI = Downlink Control Information, VoLTE = Voice over LTE, GTP = GPRS Tunneling Protocol, 3GPP = The 3rd Generation Partnership Project.
Others: N/A = Not Applicable.
+a = XGBoost, AdaBoost, Random Forest, SVM with RBF kernel, kNN, Logistic Regression, Naïve Bayes, and Decision Tree.
About users’ and traffic identification
Many works in Table II target user or application identification through traffic fingerprinting, although they differ widely in the data sources and platforms targeted.
Barbera et al. [barbera2013signals] collected Wi-Fi probe request frames (a type of management frame) that are unencrypted, using commodity NICs, and inferred social relationships by detecting overlapping SSIDs in the devices’ preferred network lists. Along the same line, Wang et al. [wang2015know] show how to identify mobile applications over 802.11 by leveraging link‐layer side channels, namely packet size distributions and interarrival timing features, even when the payload is encrypted, while Ruffing et al. [ruffing2016smartphone] proposed a passive OS identification method that infers a smartphone’s operating system from encrypted network traffic using spectral analysis of packet flows (frequency-domain features).
Other works relied on video and multimedia fingerprinting. Reed et al. [reed2016leaky] introduced one of the earliest approaches for encrypted DASH streams: they infer the sequence of video segment sizes from observed packet flows and index sliding windows of segments using a kd-tree classifier (based on a 6-dimensional key capturing total size and relative allocation across subintervals). This approach assumes relatively clean captures where timing and packet sizes can be resolved to reconstruct segment boundaries. Their later work [reed2017identifying] extends this method to larger catalogs and refines the kd-tree search and filtering steps, but at the cost of increased sensitivity to capture noise, packet loss, or incomplete traces. More recently, Björklund et al. [10060390] adapted the burst-fingerprinting approach to TLS-encrypted DASH streams by mapping observed packet bursts to segment size fingerprints and matching them via kd-tree search; their method appears to be the fastest video identification to date (above 98% accuracy within 15 seconds of packet capture). Björklund and Duvignau [usenixEndangeredPrivacy] later extended this line of work into a protocol-agnostic, large-scale attack that identifies streaming content solely from timing and burst patterns, achieving high accuracy (99.5%) even on large catalogs (over 200k videos).
Some studies focused on user activity inference. Saltaformaggio et al. [saltaformaggio2016eavesdropping] proposed NetScope, a passive eavesdropping framework that infers fine-grained in-app user activities by analyzing only packet metadata (sizes, timing, direction) and heuristics over burst/flow patterns. Even without access to payload, they achieve 78% precision and 76% recall over 35 app activities in their evaluation. In parallel, Stöber [stober2013you] showed that individual smartphones can be fingerprinted by passively observing background traffic patterns generated by installed applications (synchronization, updates) and exploiting side-channel features like periodicity, timing, and volume. Their method works purely via external network observation (without needing instrumented client logs). Chen et al. [chen2014fingerprinting] presented a method for passive OS fingerprinting using flow metadata (e.g. TCP/IP header features) from an ISP or mobile-operator vantage point. Their approach uses standard flow-analysis features and classifiers on upstream traffic to distinguish operating systems and also detect tethering.
Other works emphasized application-level identification. AppScanner, by Taylor et al. [taylor2016appscanner], used TLS/HTTPS metadata (packet sizes, directions, timing) combined with aggregate session features (e.g. bytes, packet counts, durations) to fingerprint smartphone apps from encrypted traffic. Operating over captures or ISP/flow logs, it achieves high accuracy across a large set of apps. Similarly, Rimmer et al. [rimmer2017automated] proposed a deep learning-based website fingerprinting attack over Tor, which learns implicit traffic features (size, timing, direction) without manual feature engineering. Though it assumes the ability to partition and label flows for training, their approach achieves high accuracy (96%) by leveraging large datasets and neural architectures. Muehlstein et al. [muehlstein2017analyzing] showed that a passive adversary observing encrypted TLS/HTTPS traffic can infer the user’s operating system, browser, and application by exploiting packet ordering, sizes, timing, and TLS handshake metadata. Aceto et al. [aceto2019mobile, aceto2020toward] extended this line of work by applying DL models to encrypted mobile flows: they classify mobile app traffic in WiFi / LTE settings using full application-level flows (e.g. packet sequences, timing, payload lengths) as input. Their approach uses standard capture or flow logs (i.e. commodity collection setups) and leverages automatic feature extraction via neural networks. Along the same direction, Rezaei et al. [rezaei2019large] developed a CNN + LSTM model for mobile app identification by combining per-flow features (e.g. packet sizes, timing, header/payload bytes in the first few packets) with sequential context from adjacent flows. Their approach assumes visibility of flow-level metadata and some handshake bytes, and is able to improve classification accuracy, especially on ambiguous flows.
D’Angelo et al. [d2021network] broadened traffic classification to multiprotocol settings (including encrypted traffic) by training deep convolutional recurrent autoencoders on bidirectional flows to automatically extract spatio-temporal features, while Shapira et al. [shapira2019flowpic] propose FlowPic, a method to convert encrypted VPN/Tor flows into 2D images (packet size vs time), and apply a CNN to classify traffic categories and applications. In experiments on ISCX VPN/Tor datasets, they achieve up to 99.7% accuracy on category classification, though performance degrades for application classification under Tor. Petagna et al. [petagna2019peel] also performed app deanonymization over Tor on Android devices by passively reconstructing TCP/Tor flows, extracting timing, burst, and size features, and classifying them via machine learning. Montieri et al. [montieri2021packet] pushed traffic analysis to the packet level, using multitask deep learning to jointly predict parameters like packet direction, payload length, and inter-arrival time. Their method is evaluated on real mobile app datasets (MIRAGE), outperforms traditional baselines (Markov, Random Forest), and highlights that no single architecture suits all apps. Marañón and Duvignau [10823417] examined the feasibility of app identification from encrypted 5G packet traces, using only traffic-pattern features (timing, size, direction). They applied classical ML (k-NN, Random Forest) and LSTM to highlight that even in 5G environments, encrypted traffic remains vulnerable to pattern leakage.
Other investigations ventured into cross-technology and control-plane contexts. Acar et al. [acar2020peek] designed a multi-stage passive privacy attack across Wi-Fi, ZigBee, and BLE networks. From purely sniffed MAC-layer timing and traffic-volume metadata, they successively infer device identity, state transitions, device state, and finally user activities. Meneghello et al. [meneghello2020smartphone] and Trinh et al. [trinh2020mobile] applied fingerprinting techniques to LTE control-plane side channels (i.e. PDCCH/DCI metadata). The former uses PDCCH signal observations and a 1D-CNN model for device or state fingerprinting, while the latter decodes DCI messages and builds a CNN classifier to classify apps and services running on user equipment solely from control-plane fingerprints, even though data traffic remains encrypted. Wang et al. [wang2020automatic] also used a hybrid CNN + LSTM architecture to identify mobile apps from encrypted traffic (TLS flows), fusing byte-level and sequence-level features, and assuming access to flow-level metadata (not full payloads). Moreover, Gijon et al. [gijon2020encrypted] and Zhao et al. [zhao2021optimized] pursue unsupervised traffic classification: the former clusters radio-trace descriptors into service classes, while the latter fuses SOM with K-means to cluster flow-level transport features from the Moore dataset. Both require flow/connection semantics but operate without labels. Cheng et al. [cheng2023watching] further demonstrated that a mobile-relay setup (e.g. built using srsRAN) can eavesdrop on VoLTE/VoNR in LTE/5G networks and recover transport-adjacent metadata such as call timing, duration, and direction, even when the traffic is encrypted, though without recovering voice content.
Finally, several works explored 5G-specific or physical-layer side-channels. Budykho et al. [budykho2023fine] probed fine-grained trackability in 5G by analyzing RRC (Radio Resource Control) signaling traces with their TrackDev framework, showing how execution patterns in the control plane can link sessions to the same user/device, while Wan et al. [wan2024nr] developed NR-Scope, a 5G SA telemetry tool that decodes unencrypted PDCCH/DCI control messages to extract fine-grained RAN scheduling and resource allocation information, enabling passive recovery of network-level telemetry without access to user payloads. Jawne et al. [jawne2025ai] showed that wideband SDR-derived spectrograms, coupled with deep learning models (ResNet, Transformer, LSTM), can fingerprint devices at the RF layer in 5G, enabling identity recovery despite encryption of higher-layer protocols. Also, Zhang et al. [zhang2025passive] proposed PTTF, a passive traffic analysis attack exploiting uplink HARQ (Hybrid ARQ) ACK/NACK patterns on the PUCCH in 5G NR/LTE. By extracting statistical time–frequency features from ACK/NACK power distributions, they applied Random Forest to achieve fine-grained app, category, and service identification without demodulating signals or cooperating with operators. Wani et al. [wani2024security] systematically analyzed 5G NSA vulnerabilities and showed that, due to LTE anchoring, the system remains exposed to IMSI leakage attacks during attach procedures. This makes the attack architecture-specific, affecting NSA but not standalone 5G. At the experimental frontier, Xiong et al. [xiong20235g] demonstrated that passive sniffing of the ABS–CN wireless backhaul in a 6G UAV testbed can expose app usage: by capturing GTP-encapsulated flows and applying CNN classifiers, they achieved 97% accuracy in identifying applications despite encryption.
About position tracking
A smaller but significant group of works focus on passive user localization, showing that even encrypted or control-plane signals can leak spatial information.
Ateniese et al. [ateniese2015no] demonstrated that a passive adversary observing encrypted TLS traffic can infer a user’s approximate location by leveraging flow-level size and timing patterns; their approach shows that metadata alone may suffice for coarse geographic positioning. Complementing this approach, Yang et al. [yang2016passive] presented a passive localization approach for WiFi clients using RSSI (Received Signal Strength Indicator)-based fingerprinting combined with signal attenuation modeling and optimized fingerprint matching. (RSSI represents the measured power level of a received radio signal, typically expressed in decibel-milliwatts (dBm); wireless systems such as WiFi, LTE and 5G use it to estimate link quality, signal coverage, and proximity to the transmitter.) They demonstrate via simulations and field experiments that it is possible to localize clients from intercepted signal strength measurements (i.e. without client cooperation), achieving both coarse “symbolic” localization and finer-grained positioning under favorable conditions.
Other studies moved deeper into the cellular stack. Kohls et al. [kohls2019lost] performed passive layer-2 fingerprinting (MAC / RLC / PDCP) on LTE traffic to both identify accessed websites and map radio identities to users (identity mapping). Their work shows that link-layer metadata (e.g. packet size, sequence numbers, scheduling via RNTI) leaks discernible patterns even when higher-layer encryption is in place. In a similar line, Rupprecht et al. [rupprecht2019breaking] uncovered LTE link-layer vulnerabilities by passively extracting layer-2 identifiers (e.g. RNTI/TMSI, i.e. Radio Network Temporary Identifier and Temporary Mobile Subscriber Identity) and metadata-based signals (e.g. scheduling behavior), enabling identity mapping and website fingerprinting that compromise user anonymity under encryption.
Building upon these findings, Kotuliak et al. [kotuliak2022ltrack] introduced LTRACK, a fully passive LTE tracking attack that combines Timing Advance (TA) and Time of Arrival (ToA) measurements from uplink/downlink sniffer observations to localize user devices with sub-cell precision (e.g. 6 m error in line-of-sight). In the 5G context, Ludant et al. [ludant20235g] developed 5GSniffer, the first open-source 5G control channel sniffer capable of decoding PDCCH/DCI messages in live NR networks, and demonstrated attacks that leverage these leaks, such as linking RNTIs to users and revealing their presence within a cell, while highlighting that control-channel vulnerabilities can still be exploited in modern 5G deployments.
V-C Classification of the previous attacks
We noticed that the presented works primarily split into two main categories based on the nature of the input used by the attack: works based on simple packet sequences, and works based on structured flow-level data. With the emergence of 5G and beyond, however, a third distinct family is increasingly present, relying on control-plane or physical-layer features (see Fig. 6 for statistics):
1. Packet sequences as input. This represents a small minority of all works, which assume as input the simplest and easiest-to-acquire side-channel information: a sequence of packet lengths and times. That is a sequence of tuples of the form: where the -th captured packet is only represented by its timestamp with microsecond precision, a size in bytes and a binary direction (either uplink or downlink). A packet burst is often defined as a subset of a packet sequence such that all packets are transmitted within some predefined time threshold, that is . Bursts may alternatively be defined by characterizing their unusually high bitrate in comparison to average traffic, e.g. identifying as part of a downlink burst if
where can be constant or made dependent on average transfer rate.
Several works from Table II rely exclusively on such packet-level metadata, without reconstructing sessions or requiring transport or network-layer headers. Early examples include Barbera et al. [barbera2013signals] and Stöber [stober2013you], who exploited Wi-Fi probe request frames and LTE/3G background packet timings, respectively, to infer user presence or device identity from raw packet traces. Similarly, Wang et al. [wang2015know] and Ruffing et al. [ruffing2016smartphone] used packet sizes and interarrival times to identify mobile applications or operating systems directly from encrypted wireless traffic.
A number of later studies further refined this packet-level approach by focusing on burst structures. Reed et al. [reed2016leaky] analyzed encrypted HTTP adaptive streaming (DASH) traffic, showing that pieces of information such as packet sizes can uniquely identify video streaming content. Björklund’s subsequent large-scale extension [usenixEndangeredPrivacy] confirmed that such burst fingerprints remain effective even when traffic is tunneled through VPNs or over different network technologies.
Other packet-sequence attacks focus on user or device behavior inference. Saltaformaggio et al. [saltaformaggio2016eavesdropping] detected in-app user activities by observing encrypted traffic patterns, while Acar et al. [acar2020peek] applied similar reasoning to smart-home environments, where device state changes generate distinctive packet bursts across Wi-Fi, ZigBee, and BLE. Finally, Marañón et al. [10823417] demonstrated that encrypted 5G traffic retains similar burst-level side channels, where only packet timing and size sequences are sufficient for mobile application classification.
2. Bi-directional flows as input. These represent the majority of the literature, and in many cases larger-scale results [rezaei2019large] have been obtained. These works take network flows as input, which requires packet capture with at least clear IP headers. This information is, for example, not available to a simple eavesdropper on a wireless channel encrypted at the MAC layer; it requires network infiltration or network administration rights. Some of these works hence depart from the attacker’s perspective and instead take an administrator’s point of view, intending to replace DPI and infer traffic on their own network beyond application-layer or transport-layer encryption. Most use bidirectional flows, where traffic in both directions is aggregated in the same stream (i.e., source IP/port and destination IP/port are interchangeable).
A first family of works focuses on OS, browser, or device fingerprinting using network flow metadata. For instance, Chen et al. [chen2014fingerprinting] showed that operating systems could be identified from ISP-level TCP/IP flow headers, while Muehlstein et al. [muehlstein2017analyzing] and Rimmer et al. [rimmer2017automated] applied machine learning to HTTPS and Tor flows to infer client OS, browser, and visited websites from encrypted traffic. These approaches rely on aggregated session-level features such as packet counts, directions, and timing distributions, extracted from bidirectional flows rather than from isolated packet sequences.
A large group of works targets mobile application identification from encrypted flow features. Taylor et al. [taylor2016appscanner] identified Android apps from bidirectional TLS flow characteristics, later refined by Aceto et al. [aceto2019mobile, aceto2020toward] through DL architectures operating on full Wi-Fi or LTE flows. Similarly, Rezaei et al. [rezaei2019large] and D’Angelo et al. [d2021network] leveraged CNN–LSTM and autoencoder models on per-flow features (packet size, direction, and inter-arrival time) to classify encrypted traffic at scale. Follow-up works such as Wang et al. [wang2020automatic], Gijón et al. [gijon2020encrypted], Montieri et al. [montieri2021packet], and Zhao et al. [zhao2021optimized] explored both supervised and unsupervised learning on bidirectional flows to predict app activities, cluster traffic, or recognize services from transport-layer metadata.
Several other works examined encrypted traffic under realistic network settings and routing layers. Petagna et al. [petagna2019peel] analyzed Tor traffic by reconstructing TCP flows to deanonymize Android apps, while Shapira et al. [shapira2019flowpic] converted bidirectional flows into two-dimensional temporal–size histograms for CNN classification. Ateniese et al. [ateniese2015no] demonstrated that coarse user location inference is possible from TLS-encrypted flow metadata alone, and Cheng et al. [cheng2023watching] reconstructed VoLTE/VoNR call flows to recover session-level metadata in LTE/5G settings. Finally, Xiong et al. [xiong20235g] analyzed GTP/IP bidirectional flows in 6G UAV backhauls for application recognition.
Finally, the works of Dubin et al. [dubin2017know], Reed and Kranch [reed2017identifying], and Björklund et al. [10060390], which focused on video traffic identification, group packets belonging to a single streaming session into a flow using transport identifiers (such as IP/port tuples and TLS/HTTP session metadata). From these grouped packets, the authors extract ordered burst sequences capturing burst timing and burst size in bytes.
3. Control-plane and physical-layer inputs. While most classical approaches rely on packet- or flow-level metadata, a distinct class of recent works bypasses traditional network-layer inputs entirely and uses non-user-plane data. These attacks exploit control-plane messages or physical-layer features (such as radio signal structure, scheduling metadata, or uplink feedback) to infer user activity or presence. This is especially relevant in 5G and beyond, where PDCP encryption, beamforming, and decentralized architectures make extracting flows, or even packets, increasingly difficult.
(a) Control-plane inputs: These studies operate at the signaling or protocol-control level and use decoded messages exchanged between the user equipment and the network (e.g., RRC and NAS messages, or the DCI carried on the PDCCH). They generally require software-defined radios or access to decoded traces, but provide insights unavailable at the user plane. Early LTE-focused efforts such as Kohls et al. [kohls2019lost] and Rupprecht et al. [rupprecht2019breaking] revealed that even encrypted LTE traffic leaks identity and browsing information through link-layer scheduling and control identifiers. Later, Meneghello et al. [meneghello2020smartphone] and Trinh et al. [trinh2020mobile] analyzed the LTE downlink control channel (PDCCH) to fingerprint devices and identify applications directly from decoded DCI messages. With the advent of 5G, this line of work intensified: Budykho et al. [budykho2023fine] demonstrated user linkability via RRC signaling analysis, while Wan et al. [wan2024nr] built a passive 5G NR decoder that extracts telemetry and scheduling metadata from PDCCH/DCI messages. Similarly, Wani et al. [wani2024security] exploited 5G NSA attach procedures to expose persistent identifiers from RRC/NAS exchanges, and Ludant et al. [ludant20235g] showed that user presence can be detected by monitoring decoded NR control messages.
(b) Physical-layer inputs: At an even lower layer, several attacks rely directly on radio signal features or measurements rather than protocol messages. Yang et al. [yang2016passive] first demonstrated that Wi-Fi clients can be localized using RSSI fingerprints without any packet or flow information. Kotuliak et al. [kotuliak2022ltrack] extended this idea to LTE by inferring user position from physical-layer timing metrics such as Timing Advance and Time-of-Arrival. More recent 5G studies leverage wideband SDR capture and physical feedback channels: Jawne et al. [jawne2025ai] used deep learning on RF spectrograms to fingerprint individual 5G devices, while Zhang et al. [zhang2025passive] extracted HARQ ACK/NACK sequences from the 5G PUCCH to infer application-level activity.
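The burst-level pre-processing that the packet-sequence works above (Reed et al., Björklund et al., Marañón et al.) share, as an added example that is not code from the survey or from those papers: downlink packets are grouped into bursts separated by an idle gap, the resulting burst-size sequence is matched against a library of per-segment sizes, and a constructed DASH-like trace exercises it. The trace generator, the two-title library, the 100 ms gap threshold and the 5% tolerance are all assumptions for illustration.

```python
"""Burst-sequence fingerprinting from packet metadata (added worked example).

Packet-level attacks such as Reed et al. [reed2016leaky], Björklund et al.
[usenixEndangeredPrivacy] and Marañón et al. [10823417] need only
(timestamp, size, direction) per packet: payloads and headers stay encrypted.
This example shows the shared pre-processing step, grouping downlink packets
into bursts separated by an idle gap, and a minimal matcher over burst sizes.
The traces, the segment-size library and the 100 ms gap threshold are all
constructed assumptions for illustration; they are not measured values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t: float      # arrival time in seconds
    size: int     # bytes observed on the link (e.g., PDCP PDU size)
    down: bool    # True for downlink, False for uplink


@dataclass(frozen=True)
class Burst:
    start: float
    duration: float
    nbytes: int
    npkts: int


def segment_bursts(pkts, gap_s=0.1, downlink_only=True):
    """Split a packet sequence into bursts: a new burst starts whenever the
    inter-arrival gap exceeds `gap_s`. Uplink packets are ignored by default
    because DASH bursts are the downlink responses to small segment requests."""
    bursts, start, last, total, count = [], None, None, 0, 0
    for p in sorted(pkts, key=lambda q: q.t):
        if downlink_only and not p.down:
            continue
        if last is not None and p.t - last > gap_s:
            bursts.append(Burst(start, last - start, total, count))
            start, total, count = None, 0, 0
        if start is None:
            start = p.t
        total += p.size
        count += 1
        last = p.t
    if count:
        bursts.append(Burst(start, last - start, total, count))
    return bursts


def match_score(observed, reference, tol=0.05):
    """Longest run of consecutive observed burst sizes matching the reference
    sequence within relative tolerance `tol`, tried at every reference offset
    (the eavesdropper rarely sees the stream from its first segment)."""
    best = 0
    for off in range(len(reference)):
        run = 0
        for i, b in enumerate(observed):
            j = off + i
            if j < len(reference) and abs(b - reference[j]) <= tol * reference[j]:
                run += 1
            else:
                break
        best = max(best, run)
    return best


def identify(observed, library, tol=0.05, min_run=3):
    """Return the library entry whose burst-size sequence best matches, or
    None when no entry reaches `min_run` consecutive matches."""
    scores = {name: match_score(observed, ref, tol) for name, ref in library.items()}
    name, score = max(scores.items(), key=lambda kv: kv[1])
    return name if score >= min_run else None


def constructed_trace(segment_bytes, period_s=2.0, mtu=1400, throughput_bps=50e6):
    """Synthesize a DASH-like trace: one short uplink request, then the segment
    delivered as back-to-back `mtu`-byte downlink packets, then idle time."""
    pkts, t = [], 0.0
    for seg in segment_bytes:
        pkts.append(Pkt(t, 120, False))          # constructed HTTP GET
        remaining = seg
        while remaining > 0:
            size = min(mtu, remaining)
            pkts.append(Pkt(t, size, True))
            t += size * 8 / throughput_bps
            remaining -= size
        t += period_s
    return pkts


# Constructed library of per-segment sizes (bytes) for two hypothetical titles.
LIBRARY = {
    "title_A": [1_350_000, 1_420_000, 1_280_000, 1_510_000, 1_390_000],
    "title_B": [910_000, 1_050_000, 880_000, 1_120_000, 970_000],
}


def demo():
    # Observe three segments of title_A starting mid-stream, with ~2% size
    # jitter (e.g., TLS record overhead) to exercise the tolerance.
    trace = constructed_trace([1_400_000, 1_300_000, 1_480_000])
    sizes = [b.nbytes for b in segment_bursts(trace)]
    return sizes, identify(sizes, LIBRARY)


if __name__ == "__main__":
    print(demo())
```

The matcher deliberately keys on burst totals rather than per-packet sizes: on a 5G link the individual PDCP PDUs are what an SDR pipeline would have to reconstruct, whereas the burst totals survive segmentation and padding differences, which is the property the Class 2 discussion later relies on.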
VI Feasibility Analysis
This section presents one of the core contributions of our paper: a feasibility analysis of PNA schemes in 5G/B5G environments.
| Network | Open-source Stacks | Sniffers Available | Hardware Cost | Coverage |
|---|---|---|---|---|
| Wi-Fi | Linux NICs, openwifi | Wireshark, kismet | PC + USB NIC (no additional cost) | TDD, ISM/unlicensed bands (2.4/5/6 GHz) |
| LTE/4G | srsRAN/srsLTE, OAI | LTESniffer, Airscope, OWL | Single SDR (e.g., USRP B2xx, bladeRF) | FDD/TDD, sub‑6 GHz cells |
| 5G NR | srsRAN, OAI | Custom/limited PDCCH decoders | $500–$2,000 (multi‑antenna SDRs) | mMIMO, sub‑6 GHz (limited) |
| B5G/6G | Prototype frameworks | None publicly available | Specialized rigs | mmWave/THz bands (preliminary) |
VI-A Feasibility factors
The objective of the survey is to produce a feasibility analysis of the difficulty of reproducing known PNAs in 5G/B5G networks. While many fingerprinting and inference attacks have been successfully demonstrated in WiFi and LTE contexts, the jump to 5G and B5G introduces new challenges and opportunities that impact attacker capabilities. The following aspects of how practical an attack is for an attacker are explored and analyzed (see Table III for a summary):
• Is the needed hardware easily available on the market? Since commercial LTE, and even more so 5G, devices do not offer network monitoring functions, a custom setup (an antenna covering the appropriate frequency range plus software-defined radio code) is likely required unless the attacker has access to the very few closed-source professional monitoring products.
• 5G radio communications are much more spatially selective than in previous systems. How close does an eavesdropper need to be to capture enough data?
• 5G antennas are deployed closer to the users. Does this facilitate privacy leaks, as popularly believed, or, on the contrary, make the reproduction of known attacks even more challenging?
In earlier work, many attacks targeted WiFi-connected devices, largely due to ease of access and high bandwidth. WiFi traffic can be captured using commodity devices. In contrast, cellular traffic, particularly in 5G, poses several physical, protocol-layer, and resource constraints that affect attack reproducibility and scale.
VI-A1 Physical Layer Constraints: The Beamforming Barrier
Unlike the omnidirectional broadcasting typical of Wi-Fi, 5G NR (especially in FR2/mmWave) utilizes massive MIMO and beamforming to direct energy toward the legitimate user (UE). For a passive eavesdropper (Evsdr) to intercept this traffic, they must overcome the spatial filtering inherent in the transmitter’s antenna array (see Figure 7 for an overview).
The received power at Evsdr, , can be modeled by modifying the Friis transmission equation [friis1946note] to account for directional array gains:
Where:
• is the transmit power of the gNodeB.
• is the gain of the gNodeB antenna in the direction of Evsdr (), and is the gain of the Evsdr antenna in the direction of the transmitter.
• is the path loss at the distance of Evsdr.
Main-Lobe vs. Side-Lobe Leaks
If Evsdr is not collinear with the target UE (i.e., ), he/she does not benefit from the main-lobe gain (). Instead, this eavesdropper must rely on side-lobe leakage (). In standard 5G uniform planar arrays (UPAs999Two-dimensional antenna arrays with regularly spaced elements that allow for 3D beamforming by steering energy in both azimuth and elevation planes.), side-lobe levels are typically 13 dB to 20 dB below the main lobe, depending on the tapering window used (e.g., Chebyshev or Taylor). Therefore, to achieve the same Signal-to-Noise Ratio (SNR) as the target, Evsdr must be significantly closer to the gNodeB than the target or employ a high-gain receiver () to compensate for up to 20 dB of loss.
The ”SNR Wall” for Demodulation
Successful attack execution requires decoding the control information (DCI). This requires a minimum SNR threshold (). If the gNodeB uses adaptive beamforming, it minimizes power to just satisfy the target’s . Consequently, the leakage SNR available to Evsdr often falls below the Shannon limit for reliable decoding [shannon1948mathematical]:
Unless Evsdr is located in a ”hotspot” created by multipath reflection (Non-Line-Of-Sight101010Radio signal propagation where the direct physical path between the transmitter and receiver is obstructed, requiring the signal to arrive via reflection, scattering, or diffraction.), the signal is physically unrecoverable, rendering the attack infeasible regardless of computational power.
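The link-budget argument above, worked through numerically as an added example (this is not code from the survey): it evaluates the Friis relation with the gNodeB gain taken in the eavesdropper’s direction, computes the leakage SNR at Evsdr under power control, and solves for how much closer Evsdr must be to match the target’s SNR. Free-space propagation, the 3.5 GHz/100 MHz carrier, the 17 dBi main lobe, the 20 dB side-lobe loss and the 7 dB noise figure are all illustrative assumptions.

```python
"""Eavesdropper link budget under directional transmission (added example).

Evaluates the modified Friis relation from the text with the gNodeB array
gain taken in the eavesdropper's own direction: the main lobe for the target
UE, a side lobe for a misaligned Evsdr. Not code from the survey; every
numeric parameter below is an illustrative assumption, and free-space
propagation (path-loss exponent 2) is assumed unless stated otherwise.
"""
import math

THERMAL_NOISE_DBM_PER_HZ = -174.0   # kT at roughly 290 K


def fspl_db(distance_m, freq_hz):
    """Free-space path loss between isotropic antennas, in dB."""
    wavelength_m = 299_792_458.0 / freq_hz
    return 20.0 * math.log10(4.0 * math.pi * distance_m / wavelength_m)


def rx_power_dbm(pt_dbm, g_tx_dbi, g_rx_dbi, distance_m, freq_hz):
    """Friis in logarithmic form: P_r = P_t + G_t(direction) + G_r - PL(d)."""
    return pt_dbm + g_tx_dbi + g_rx_dbi - fspl_db(distance_m, freq_hz)


def noise_floor_dbm(bandwidth_hz, noise_figure_db):
    """Thermal noise integrated over the channel plus receiver noise figure."""
    return THERMAL_NOISE_DBM_PER_HZ + 10.0 * math.log10(bandwidth_hz) + noise_figure_db


def snr_db(pt_dbm, g_tx_dbi, g_rx_dbi, distance_m, freq_hz, bandwidth_hz, nf_db):
    rx = rx_power_dbm(pt_dbm, g_tx_dbi, g_rx_dbi, distance_m, freq_hz)
    return rx - noise_floor_dbm(bandwidth_hz, nf_db)


def ue_and_eve_snr(pt_dbm, main_lobe_dbi, sidelobe_loss_db, d_ue_m, d_eve_m,
                   freq_hz, bandwidth_hz, g_ue_dbi=0.0, g_eve_dbi=0.0, nf_db=7.0):
    """SNR at the target UE (main lobe) and at a misaligned Evsdr (side lobe)."""
    ue = snr_db(pt_dbm, main_lobe_dbi, g_ue_dbi, d_ue_m, freq_hz, bandwidth_hz, nf_db)
    eve = snr_db(pt_dbm, main_lobe_dbi - sidelobe_loss_db, g_eve_dbi, d_eve_m,
                 freq_hz, bandwidth_hz, nf_db)
    return ue, eve


def eve_snr_under_power_control(snr_min_db, sidelobe_loss_db, d_ue_m, d_eve_m,
                                eve_gain_advantage_db=0.0, path_loss_exponent=2.0):
    """Leakage SNR when the gNodeB transmits just enough for the UE to reach
    snr_min_db: the threshold minus the side-lobe loss, plus whatever Evsdr
    recovers from a better receiver or a shorter path (10*n*log10(d_ue/d_eve))."""
    return (snr_min_db - sidelobe_loss_db + eve_gain_advantage_db
            + 10.0 * path_loss_exponent * math.log10(d_ue_m / d_eve_m))


def eve_max_distance_m(d_ue_m, sidelobe_loss_db, eve_gain_advantage_db=0.0,
                       path_loss_exponent=2.0):
    """Largest Evsdr distance at which its SNR still equals the UE's: the
    remaining side-lobe deficit must be paid back by lower path loss."""
    deficit_db = sidelobe_loss_db - eve_gain_advantage_db
    return d_ue_m * 10.0 ** (-deficit_db / (10.0 * path_loss_exponent))


def demo():
    # Constructed scenario: 3.5 GHz, 100 MHz carrier, 23 dBm conducted power,
    # 17 dBi main lobe, UE at 200 m, Evsdr at the same range but 20 dB down
    # in a side lobe with an omnidirectional receive antenna.
    ue, eve = ue_and_eve_snr(23.0, 17.0, 20.0, 200.0, 200.0, 3.5e9, 100e6)
    return ue, eve, eve_max_distance_m(200.0, 20.0)


if __name__ == "__main__":
    ue, eve, d = demo()
    print(f"UE SNR {ue:.1f} dB, Evsdr SNR {eve:.1f} dB, "
          f"Evsdr must be within {d:.0f} m to match the UE")
```

With a 20 dB side lobe and free-space loss, matching the target’s SNR means standing ten times closer to the gNodeB than the target, or compensating with 20 dBi of receive gain; with a path-loss exponent of 3 (urban clutter) the distance factor drops to about 4.6, which is why the multipath “hotspots” mentioned above matter more in practice than the free-space figure suggests.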
VI-A2 Protocol Layer Barriers: The ”Blind Decoding” Complexity
Even if Evsdr captures the physical signal (e.g., by standing near the target), 5G NR protocols impose a computational barrier to making sense of the data. Unlike Wi-Fi, where frame headers are transmitted in the clear, 5G control channels are scrambled with UE-specific identifiers.
The RNTI Scrambling Hurdle
The Physical Downlink Control Channel (PDCCH) carries the DCI, which is necessary to locate and decode user data. However, the CRC (Cyclic Redundancy Check) appended to the DCI is scrambled with an RNTI specific to the user, the C-RNTI (Cell Radio Network Temporary Identifier).
• The challenge: A passive sniffer does not know the target’s C-RNTI, so to attribute a decoded DCI to a user it must recover the RNTI from the scrambled CRC.
• The complexity: The RNTI is a 16-bit value (2^16 = 65,536 possibilities). In the simplest formulation, an eavesdropper XORs the recomputed CRC with every possible RNTI and compares it with the received CRC field; a passing CRC check is the only confirmation that the RNTI is correct. In practice decoders do not iterate explicitly: once a candidate has been channel-decoded, XORing the CRC recomputed over the payload with the received CRC field yields the RNTI directly, so the cost lies in decoding every candidate and in discarding spurious decodes. In NR only 16 of the 24 CRC bits are scrambled, so the remaining 8 bits reject all but roughly 1 in 256 mis-decoded candidates; LTE’s fully scrambled 16-bit CRC offers no such check, which is why LTE sniffers must validate candidate RNTIs across successive decodes.
Search Space Explosion
In 5G NR, the location of the PDCCH is not fixed: it lies within a search space configured by CORESETs (Control Resource Sets). A UE monitors a set of candidates (time-frequency resources at several aggregation levels) in every slot. The maximum number of monitored PDCCH candidates per slot is 44 at 15 kHz SCS (Subcarrier Spacing; 1 ms slot) and 36 at 30 kHz SCS (0.5 ms slot), per 3GPP TS 38.213.
A sniffer that tested every candidate against every RNTI, as the formulation above suggests, would face 44 × 65,536 ≈ 2.9 million combinations per 1 ms slot (36 × 65,536 ≈ 2.4 million per 0.5 ms slot), a throughput beyond what a standard General Purpose Processor (GPP) sustains in real time. Because the RNTI falls out of a single XOR once a candidate has been channel-decoded, the practical load is tens of thousands of polar decodes per second per monitored cell plus the filtering of spurious decodes, which is still enough to require tuned SDR pipelines rather than a stock protocol stack.
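The RNTI-scrambled CRC and the blind-decoding cost described above, as an added example (not code from the survey or from any of the sniffers it cites). It implements the CRC attachment as the author reads it from 3GPP TS 38.212 clause 7.3.2 for NR and TS 36.212 clause 5.3.3.2 for LTE, shows that the RNTI is recovered with one XOR rather than a 2^16 search, measures how often garbage candidates pass the NR check, and contrasts this with LTE, where every candidate “passes”. The DCI payload bits and C-RNTI value are constructed test data; the generator polynomials are those of the specifications.

```python
"""RNTI-scrambled DCI CRC: what a passive PDCCH sniffer has to do (added example).

Not code from the survey or from any cited sniffer. Follows the CRC
attachment rules as the author reads them from 3GPP TS 38.212 clause 7.3.2
(NR: CRC24C over 24 leading ones plus the DCI payload, with only the last
16 of the 24 parity bits XORed with the RNTI) and TS 36.212 clause 5.3.3.2
(LTE: CRC16 with all 16 parity bits XORed with the RNTI). The DCI payload
bits and the C-RNTI below are constructed test data.
"""
import random

CRC24C_POLY = 0xB2B117   # gCRC24C(D) with the leading D^24 term dropped
CRC16_POLY = 0x1021      # gCRC16(D) = D^16 + D^12 + D^5 + 1


def crc_bits(bits, width, poly):
    """Systematic CRC over a bit list, MSB first, zero initial register."""
    mask = (1 << width) - 1
    reg = 0
    for b in bits:
        top = ((reg >> (width - 1)) & 1) ^ b
        reg = (reg << 1) & mask
        if top:
            reg ^= poly
    return reg


def nr_dci_attach(payload_bits, rnti):
    """Scrambled 24-bit CRC field the gNodeB appends to an NR DCI."""
    parity = crc_bits([1] * 24 + list(payload_bits), 24, CRC24C_POLY)
    return parity ^ (rnti & 0xFFFF)          # high 8 parity bits stay in clear


def lte_dci_attach(payload_bits, rnti):
    """Scrambled 16-bit CRC field of an LTE DCI: every parity bit is masked."""
    return crc_bits(list(payload_bits), 16, CRC16_POLY) ^ (rnti & 0xFFFF)


def nr_recover_rnti(payload_bits, scrambled_crc):
    """Direct recovery after channel decoding of one candidate: no search over
    2^16 values is needed, one XOR yields the RNTI. The 8 unscrambled parity
    bits act as a check; a mis-decoded (random) candidate passes it with
    probability 2^-8, so spurious RNTIs still have to be filtered over time."""
    diff = crc_bits([1] * 24 + list(payload_bits), 24, CRC24C_POLY) ^ scrambled_crc
    return None if diff >> 16 else diff


def nr_brute_force_rnti(payload_bits, scrambled_crc):
    """The 65,536-trial formulation from the text: same answer, 2^16 x the work."""
    parity = crc_bits([1] * 24 + list(payload_bits), 24, CRC24C_POLY)
    for rnti in range(1 << 16):
        if parity ^ rnti == scrambled_crc:
            return rnti
    return None


def lte_recover_rnti(payload_bits, scrambled_crc):
    """LTE has no unscrambled parity bits: any bit pattern 'passes' for exactly
    one RNTI, so a single decode can never confirm validity on its own."""
    return crc_bits(list(payload_bits), 16, CRC16_POLY) ^ scrambled_crc


def nr_false_accept_rate(trials, payload_len=40, seed=1):
    """Fraction of random garbage candidates that nr_recover_rnti accepts."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        garbage = [rng.randint(0, 1) for _ in range(payload_len)]
        if nr_recover_rnti(garbage, rng.getrandbits(24)) is not None:
            hits += 1
    return hits / trials


def candidate_decodes_per_second(candidates_per_slot, slot_ms):
    """Where the real-time cost sits: one polar decode per PDCCH candidate per
    slot (44 candidates per 1 ms slot at 15 kHz SCS), not per RNTI value."""
    return candidates_per_slot * 1000.0 / slot_ms


# Constructed 40-bit DCI payload and C-RNTI for the demonstration.
DCI_BITS = [int(c) for c in "1011001001110100001110101100101011010010"]
C_RNTI = 0x4601


if __name__ == "__main__":
    scrambled = nr_dci_attach(DCI_BITS, C_RNTI)
    print(hex(nr_recover_rnti(DCI_BITS, scrambled)),
          hex(nr_brute_force_rnti(DCI_BITS, scrambled)),
          nr_false_accept_rate(2000),
          candidate_decodes_per_second(44, 1.0))
```

The point a practitioner should take from this is that the RNTI space is not the bottleneck: the expensive part of a passive PDCCH decoder is running the polar decoder over every candidate of every aggregation level in every slot and then keeping only RNTIs that recur consistently, which is what the custom sniffers discussed in the next subsection have to engineer.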
VI-A3 Resource Barriers: Hardware Cost and Software Maturity
Beyond physics and algorithms, practical feasibility is severely limited by the availability of Commercial Off-The-Shelf (COTS) tools. We show here a comparison of available tools for different network types (see Table III for a summary).
High-Bandwidth Acquisition Costs
5G NR typically operates with channel bandwidths ranging from 40 MHz to 100 MHz (FR1) and up to 400 MHz (FR2). To capture such a carrier passively, an adversary requires an SDR whose complex (I/Q) sampling rate is at least the channel bandwidth, which in turn sets the data rate the host must absorb.
• The cost gap: Common entry-level SDRs (e.g., RTL-SDR, HackRF) offer at most 20 MHz of instantaneous bandwidth. Capturing a full 100 MHz 5G carrier requires high-end peripherals (e.g., USRP X310 or N310) costing upwards of $10,000 USD, plus high-throughput interfaces (10 Gigabit Ethernet) to stream raw I/Q data to a host processor without dropping samples.
• Storage requirements: Storing raw I/Q samples for offline analysis creates a massive data footprint (about 400 MB/s for a 100 MHz channel sampled at 100 MS/s with 16-bit I and Q components, 800 MB/s with 32-bit float samples), limiting the duration of feasible captures.
Lack of ”Promiscuous” Software Stacks
As noted in [kohls2019lost], in the LTE/4G domain robust open-source stacks such as srsLTE, combined with passive sniffers like Airscope, OWL, and LTESniffer, enable researchers to capture real cell traffic with modest setups. These tools run on SDR platforms such as the Universal Software Radio Peripheral (USRP) B200 or bladeRF, which cost from a few hundred to roughly a thousand dollars, making LTE sniffing the most widely accessible. In the 5G context, sub-6 GHz SDRs, including multi-antenna units (e.g., bladeRF 2.0 micro, USRP B2xx/B210), are available off the shelf, but general-purpose mmWave front-ends and phase-coherent arrays remain specialized and scarce.
Open-source tools like srsRAN or OpenAirInterface are designed as endpoints (UE or gNodeB). They operate state machines that expect a specific assigned RNTI. Modifying these tools for ”promiscuous mode” sniffing is non-trivial because they lack the architecture for parallelized, massive blind decoding across the entire RNTI space. This explains the scarcity of ”plug-and-play” 5G sniffers compared to the Wi-Fi ecosystem.
Capturing PDCCH control-plane messages nevertheless remains possible, but only via custom-developed tools or patched forks of LTE-era decoders. For example, [ludant20235g] successfully decoded DCI messages to track user presence in a live 5G NSA cell, while [wan2024nr] extracted RRC scheduling telemetry from the 5G downlink via specialized PDCCH sniffers. These works required manually configured SDRs and tuning of decoder parameters, often relying on adapted versions of OWL or private tools layered atop srsRAN. Other recent works such as [jawne2025ai] bypass the network stack entirely and capture RF signals at the physical layer, using spectrogram-based fingerprinting to distinguish between 5G user devices. This approach requires wideband RF sampling hardware and DL-capable GPUs for inference, increasing cost and system complexity. Similarly, [wani2024security] demonstrated passive monitoring of real-world 5G NSA deployments to uncover IMSI leakage and tracking vulnerabilities, using adapted SDR toolchains.
The move to B5G/6G
The situation in B5G and 6G is even more constrained. Most experimentation is limited to research testbeds using non-public platforms or hardware prototypes, with no general-purpose open-source passive monitoring tools currently available.
VI-B Demonstrability of the surveyed works on 5G
We start here by analyzing whether the surveyed PNAs in Section V can be reproduced on 5G networks. This helps us situate where the current literature is headed. Our assessment assumes a passive and external attacker. We classified the works into four levels of feasibility (see Table IV for a summary).
Class 1: Not Reproducible / Not Applicable
This class includes attacks that cannot be reproduced on 5G at all, mainly because they depend on data that is fundamentally inaccessible under the 5G security model. For instance, some attacks require user-plane information (IP headers, transport-layer sessions) that is now encrypted at the PDCP layer and therefore out of reach of an external eavesdropper. Since no known tools, workarounds, or experimental methods exist to bypass these barriers, such attacks are considered not reproducible in practical 5G scenarios.
A large subset of early works fall in this class because they rely on packet or flow-level visibility that 5G completely conceals behind PDCP encryption and GPRS Tunneling Protocol (GTP) encapsulation. These methods typically assume access to plaintext IP/TCP headers or reconstructed sessions, which an external 5G eavesdropper cannot observe.
• Barbera et al. [barbera2013signals] relies on Wi-Fi probe requests and management frames observable only in 802.11 environments, with no equivalent in 5G.
• Chen et al. [chen2014fingerprinting], Taylor et al. [taylor2016appscanner], Dubin et al. [dubin2017know], Muehlstein et al. [muehlstein2017analyzing], Rimmer et al. [rimmer2017automated], Aceto et al. [aceto2019mobile, aceto2020toward], Petagna et al. [petagna2019peel], Shapira et al. [shapira2019flowpic], Rezaei et al. [rezaei2019large], D’Angelo et al. [d2021network], Gijón et al. [gijon2020encrypted], Montieri et al. [montieri2021packet], and Zhao et al. [zhao2021optimized] all require bidirectional IP/TCP flow information or transport-layer statistics. These inputs are encrypted and multiplexed in 5G, making passive capture and reconstruction impossible without operator access.
• Xiong et al. [xiong20235g] and Ateniese et al. [ateniese2015no] rely on GTP or ISP-level traffic features available only inside the core network, not observable over the air.
• The burst-based methods of Reed and Kranch [reed2017identifying] and Björklund et al. [10060390] rely on clean and precise packet-level visibility (sizes, timings, ordering) obtainable in Wi-Fi or wired settings; this assumption does not hold in LTE/5G because of protocol encapsulation and encrypted transport blocks.
| Authors (Year) [ref.] | Problem tackled | Input | Feasibility on 5G |
|---|---|---|---|
| Barbera et al. (2013) [barbera2013signals] | Relation ID | PKT | |
| Chen et al. (2014) [chen2014fingerprinting] | OS ID | FLW | |
| Ateniese et al. (2015) [ateniese2015no] | Localization TR | FLW | |
| Taylor et al. (2016) [taylor2016appscanner] | Application ID | FLW | |
| Dubin et al. (2017) [dubin2017know] | Video ID | FLW | |
| Rimmer et al. (2017) [rimmer2017automated] | Website ID | FLW | |
| Muehlstein et al. (2017) [muehlstein2017analyzing] | OS/browser/app. ID | FLW | |
| Aceto et al. (2019) [aceto2019mobile] | Traffic ID | FLW | |
| Petagna et al. (2019) [petagna2019peel] | Application ID | FLW | |
| Shapira et al. (2019) [shapira2019flowpic] | Traffic ID | FLW | |
| Rezaei et al. (2019) [rezaei2019large] | Application ID | FLW | |
| D’Angelo et al. (2019) [d2021network] | Traffic ID | FLW | |
| Aceto et al. (2020) [aceto2020toward] | Traffic ID | FLW | |
| Wang et al. (2020) [wang2020automatic] | Application ID | FLW | |
| Gijon et al. (2020) [gijon2020encrypted] | Traffic ID | FLW | |
| Montieri et al. (2021) [montieri2021packet] | Pkt ID | FLW | |
| Zhao et al. (2021) [zhao2021optimized] | Traffic ID | FLW | |
| Xiong et al. (2023) [xiong20235g] | Activity ID | FLW | |
| Reed et al. (2017) [reed2017identifying] | Video ID | FLW | |
| Björklund et al. (2023) [10060390] | Video ID | FLW | |
| Stöber (2013) [stober2013you] | User ID | PKT | |
| Wang et al. (2015) [wang2015know] | Application ID | PKT | |
| Saltaformaggio et al. (2016) [saltaformaggio2016eavesdropping] | Activity ID | PKT | |
| Ruffing et al. (2016) [ruffing2016smartphone] | OS ID | PKT | |
| Reed et al. (2016) [reed2016leaky] | Video ID | PKT | |
| Acar et al. (2020) [acar2020peek] | Activity ID | PKT | |
| Marañón et al. (2024) [10823417] | Application ID | PKT | |
| Björklund et al. (2025) [usenixEndangeredPrivacy] | Video ID | PKT | |
| Yang et al. (2016) [yang2016passive] | Passive TR | PHY | |
| Kotuliak et al. (2022) [kotuliak2022ltrack] | UE TR | PHY | |
| Kohls et al. (2019) [kohls2019lost] | User TR | CPM | |
| Rupprecht et al. (2019) [rupprecht2019breaking] | User ID | CPM | |
| Meneghello et al. (2020) [meneghello2020smartphone] | Smartphone ID | CPM | |
| Trinh et al. (2020) [trinh2020mobile] | App/Service ID | CPM | |
| Ludant et al. (2023) [ludant20235g] | Movement TR | CPM | |
| Budykho et al. (2023) [budykho2023fine] | Entity ID | CPM | |
| Wan et al. (2024) [wan2024nr] | Telemetry ID | CPM | |
| Wani et al. (2024) [wani2024security] | IMSI ID | CPM | |
| Cheng et al. (2023) [cheng2023watching] | VoLTE ID | FLW | |
| Jawne et al. (2025) [jawne2025ai] | Devices ID | PHY | |
| Zhang et al. (2025) [zhang2025passive] | Activity ID | PHY | |
Acronyms: ID = Identification, TR = Tracking, CPM = Control Plane Message, FLW = Flow, PHY = Physical Layer Data, PKT = Packet Sequence.
Symbols: = Not Reproducible,
= Reproducible with extensive efforts,
= Reproducible with efforts, = Easily Reproducible.
Class 2: Reproducible with extensive efforts
This class refers to attacks that, in principle, could be adapted to 5G but would require significant effort, technical expertise, and specialized equipment to achieve. Typically, these are techniques demonstrated on Wi-Fi or LTE that do not directly transfer to 5G without major modifications. They often require custom-built SDR pipelines, proprietary tools, or carefully controlled laboratory environments, which makes them impractical for most adversaries. While not impossible, the high cost and complexity place these attacks in a category of limited feasibility.
A large part of the surveyed works falls in this class.
• Works such as Stöber [stober2013you], Wang et al. [wang2015know], Ruffing et al. [ruffing2016smartphone], Saltaformaggio et al. [saltaformaggio2016eavesdropping], and Acar et al. [acar2020peek] infer device or user behavior from packet timing and/or size sequences. While conceptually valid on 5G, reproducing these attacks requires complete SDR demodulation and extraction of user-plane packet events from PDCP frames, which is currently feasible only with custom signal-processing pipelines and precise synchronization.
• Yang et al. [yang2016passive] exploits RSSI data from commodity Wi-Fi hardware; such per-packet PHY metrics are not exposed by 5G modems. However, 5G offers alternative signals that carry spatial information, such as RSRP (Reference Signal Received Power, the measured power of a 5G reference signal at the device, indicating signal strength from a specific cell) and beam indices (identifiers of the directional beams used to steer radio signals between a base station and a device). Specialized SDR gear can also decode synchronization sequences instead of traffic frames, which can enable high-resolution fingerprints. In other words, the attack cannot be reproduced on 5G as is; it must be adapted to capture spatial information from 5G-specific signals.
• The works of Reed et al. [reed2016leaky] and Björklund et al. [usenixEndangeredPrivacy], in contrast to their flow-based counterparts [reed2017identifying, 10060390], identify characteristic download bursts in encrypted DASH or HTTPS traffic without network access or precise per-packet visibility. The burst patterns they use (packet-burst timing and size features) still exist in 5G user-plane traffic, but can only be accessed by isolating PDCP bursts through advanced SDR decoding and manual calibration, which requires significant effort.
• Kotuliak et al. [kotuliak2022ltrack] exploits LTE Timing Advance and ToA for localization, and Marañón et al. [10823417] proposes 5G app fingerprinting using burst-level side channels. Both require specialized SDR setups, multi-antenna synchronization, and precise timing recovery to be reproduced on 5G NR, making them feasible most likely only in carefully controlled environments.
• Meneghello et al. [meneghello2020smartphone] and Trinh et al. [trinh2020mobile] decode LTE control-plane information such as the DCI messages carried on the PDCCH to fingerprint user sessions. These works fall into this class because they have not been shown to work on 5G; however, equivalent PDCCH/DCI decoding has since been demonstrated on 5G NR testbeds using open-source SDR toolchains (e.g., [ludant20235g, wan2024nr]).
Class 3: Reproducible with efforts
This class contains attacks that have already been demonstrated on 5G, but only under specific conditions that demand non-trivial effort from the attacker. Examples include experiments on 5G testbeds or small scale live networks where techniques such as decoding control plane messages or extracting side channel features have been shown to work. While reproduction is possible, it usually requires mid-range SDR hardware, manual tuning, and favorable conditions such as beam alignment or reduced noise. These attacks are feasible, but not straightforward, and their success depends heavily on the attacker’s expertise and setup.
In fact, only a few works fit in Class 3:
• Budykho et al. [budykho2023fine] reveals user linkability through 5G RRC signaling, and Ludant et al. [ludant20235g] detects 5G device presence from PDCCH scheduling activity. Both operate natively on 5G NR and can be reproduced with moderate effort using decoders built on open-source frameworks such as srsRAN or OAI.
• Cheng et al. [cheng2023watching] demonstrates side-channel inference from VoNR session metadata, showing practical feasibility on operational 5G networks with limited lab instrumentation.
• Wan et al. [wan2024nr] and Wani et al. [wani2024security] extend control-plane analysis to live 5G and NSA deployments, respectively. Their tools decode PDCCH/DCI scheduling (Wan et al.) and RRC/NAS signaling (Wani et al.) and associate UE activity with resource allocations or identifiers, which is achievable against commercial 5G networks with calibrated SDR receivers.
• Jawne et al. [jawne2025ai] and Zhang et al. [zhang2025passive] exploit physical-layer information in 5G signals, such as RF fingerprints and uplink ACK/NACK behavior, to infer device presence or activity. Both have been experimentally validated on 5G NR; they require signal synchronization and noise calibration but are otherwise reproducible with standard research-grade SDR platforms.
Class 4: Easily Reproducible
This class would include attacks that can be reproduced on 5G with minimal additional effort, using commodity hardware, readily available open source software, and without strong constraints on attacker positioning or signal directionality. In Wi-Fi and even LTE, examples of such attacks existed: basic website fingerprinting, simple traffic classification, and user/app identification could be performed with laptop-grade NICs and publicly available tools.
However, across all the works surveyed, no attack meets these criteria in 5G. Even the most convincing 5G demonstrations, such as IMSI catching in NSA networks, PDCCH/DCI decoding for user presence, or application identification in controlled testbeds, required SDR hardware, custom protocol decoders, or non-commodity data collection pipelines. Signal directionality further complicates capture, as narrow 5G beams mean attackers must align carefully or deploy multiple antennas to observe usable traces. Likewise, software maturity remains low: although frameworks such as srsRAN exist, they require significant modification and lack turnkey support for 5G passive sniffing. For these reasons, we consider that, as of today, no known attack would qualify for Class 4, and this absence is itself significant: it reflects the raised technical barrier of 5G compared to earlier wireless generations.
VI-C Discussion
The classification of prior works reveals clear trends in the feasibility of PNAs on 5G. Attacks that relied heavily on packet-level visibility or higher-layer traffic flows (e.g., TLS/HTTPS metadata, transport-level burst features) largely fall into Class 1 and Class 2, since encryption and beamforming prevent external adversaries from reconstructing such data in 5G. In contrast, the attacks that remain feasible are those exploiting side-channels at the control plane or radio access layer. This includes works that decode PDCCH/DCI scheduling, measure timing signals, or analyze packet bursts indirectly observable at the air interface. These attacks form the bulk of Class 3, showing that while they require non-trivial expertise and specialized SDR setups, they remain reproducible in 5G. Interestingly, no study reached Class 4: even attacks demonstrated directly on 5G involve custom hardware, tuned decoders, or controlled conditions. The absence of “easily reproducible” PNAs underscores that 5G has significantly raised the entry barrier compared to LTE and Wi-Fi, shifting the attack surface towards complex side-channels rather than straightforward traffic analysis.
A second important observation emerging from this study is the clear correspondence between the type of input data used by prior attacks and their reproducibility on 5G. As summarized in Table IV, most Class 1 works rely on flows as input, i.e., transport- or application-layer aggregates that are fully hidden behind PDCP encryption and GTP encapsulation in 5G. These dependencies on higher-layer visibility explain why such attacks are now infeasible. In contrast, the majority of Class 2 attacks operate on packet sequences, using timing and size patterns as side channels. These features still exist conceptually in 5G; but recovering them requires extensive SDR-based demodulation and PDCP event reconstruction, hence their placement in the “reproducible with extensive efforts” class. Finally, nearly all Class 3 works exploit control-plane messages or physical-layer features such as DCI scheduling, uplink feedback, or RF characteristics. These elements remain observable at the air interface and therefore represent the most practical input sources for modern PNAs.
This strong alignment between input type and feasibility highlights a fundamental shift in adversarial observability: as encryption removes access to packets and flows, viable side channels have progressively migrated downward to the control and physical layers.
Looking forward, this classification has important implications for B5G/6G. Since most Class 1 and Class 2 attacks are already infeasible in 5G, they are unlikely to reappear in more secure architectures [abdel2022security, alqwider2024combat]. The attacks that deserve closer attention are those in Class 3: they represent the most reproducible threats today and may remain relevant if future systems do not fully obfuscate scheduling or timing information. However, with B5G/6G trends toward randomized control channels, beam obfuscation, and AI-driven scheduling, it is reasonable to expect that even Class 3 attacks will become increasingly difficult, migrating toward Class 2 or even Class 1. In this sense, a separate classification table for B5G/6G in the style of Table IV is not strictly necessary: the current analysis already suggests that the feasibility of PNAs will continue to shrink, with adversaries needing ever more effort, expertise, and privileged access to reproduce them.
| Aspect | 5G | B5G / 6G |
|---|---|---|
| Signal Directionality | Directional (beamforming), attacker must be aligned or close | Stronger beamforming, tighter spatial constraints |
| Carrier Frequency | Mid-band (e.g., 3.5 GHz), some mmWave | mmWave/THz (e.g., GHz), severe propagation loss |
| SDR Requirements | Moderate (wideband SDRs, custom decoders) | High (multi-antenna arrays, high-speed RF front-ends) |
| Tool Availability | Limited passive sniffers (custom implementations only) | No public sniffer stacks |
| Encryption / Integrity | IMSI/NAS protection, UP integrity optional | Stronger, integrated integrity/encryption |
| Packet/Flow Visibility | Link-layer only (no IP or payload access) | Same or more restricted (header and timing inference only) |
| Control-plane Leakage | DCI, RRC-based inferences possible [ludant20235g, wan2024nr] | Unknown |
| ML Attack Feasibility | Limited by noise and lack of ground truth | Likely infeasible without integration with experimental setups |
| Device Fingerprinting | Viable using RF features [jawne2025ai] | Untested and hardware-constrained |
| Reproducibility | Challenging, but possible under specific conditions | Not yet demonstrated |
We summarize these findings in Table V, which outlines the technical and practical constraints that further limit the feasibility and reproducibility of PNAs. First, many 5G PNA studies assume clean, high-quality traces, but in real deployments packet captures are often incomplete or degraded, especially under beam misalignment or high mobility, which sharply reduces the reliability of ML-based classifiers. Second, directive antennas and beamforming in 5G and B5G impose spatial constraints: an eavesdropper outside the main beam may receive little or no usable signal, so passive sniffing is highly sensitive to positioning and environment. Third, control-plane leakage via DCI decoding or RRC signaling can provide useful side-channel information; it is also increasingly studied as a substitute for DPI, which brings its own risks of traffic censorship and user fingerprinting even under encryption [rupprecht2019breaking]. Fourth, edge deployments and V2X scenarios, characterized by rapid node movement and dynamic channels, introduce further challenges: propagation conditions vary dramatically, leaving attacker alignment and signal acquisition at the edge an open research question. Fifth, most existing studies assume idealized lab settings, which limits their generalizability; analyses of the importance of realistic labeling and trace collection for evaluating ML models in networking point to the same conclusion. Finally, at the B5G/6G frontier no open passive sniffer stacks currently exist, and most experimentation is confined to proprietary testbeds. The use of higher-frequency bands (mmWave, THz), tighter beam steering, and adaptive transmission schemes makes passive eavesdropping practically infeasible under current conditions.
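The second constraint above (spatial alignment) and the carrier-frequency row of Table V both reduce to a link budget. The following is an added example, not code from the survey: it applies the Friis free-space path-loss model to show how interception range shrinks with carrier frequency and when the attacker sits outside the main beam. The 28 GHz mmWave point and every link parameter in `ASSUMED` (transmit power, array gain, sniffer sensitivity, sidelobe suppression) are hypothetical values chosen only to make the scaling visible.

```python
"""Free-space link budget for a passive sniffer at 5G mid-band vs mmWave.

Added example, not from the survey. It only shows how carrier frequency and
beam alignment scale the maximum interception distance under the Friis
free-space model; the link parameters in ASSUMED are hypothetical."""
import math

C = 299_792_458.0  # speed of light, m/s

# Hypothetical link parameters (not measured values).
ASSUMED = {
    "tx_power_dbm": 30.0,             # gNB transmit power per beam
    "tx_gain_dbi": 24.0,              # array gain in the main beam
    "rx_gain_dbi": 10.0,              # attacker's directional antenna
    "rx_sensitivity_dbm": -70.0,      # weakest signal the SDR chain can still decode
    "sidelobe_suppression_db": 20.0,  # gain lost when the attacker is off the main beam
}


def fspl_db(distance_m, freq_hz):
    """Free-space path loss in dB: 20*log10(4*pi*d*f/c)."""
    return 20.0 * math.log10(4.0 * math.pi * distance_m * freq_hz / C)


def max_intercept_range_m(freq_hz, tx_power_dbm, tx_gain_dbi, rx_gain_dbi, rx_sensitivity_dbm):
    """Largest distance at which the received power still meets the sniffer's
    sensitivity, i.e. where FSPL equals the available link margin.
    Solves 20*log10(4*pi*d*f/c) = margin for d."""
    margin_db = tx_power_dbm + tx_gain_dbi + rx_gain_dbi - rx_sensitivity_dbm
    return C / (4.0 * math.pi * freq_hz) * 10.0 ** (margin_db / 20.0)


def intercept_ranges(freq_hz, p=ASSUMED):
    """Interception range (m) with the attacker inside vs outside the main beam."""
    in_beam = max_intercept_range_m(freq_hz, p["tx_power_dbm"], p["tx_gain_dbi"],
                                    p["rx_gain_dbi"], p["rx_sensitivity_dbm"])
    off_beam = max_intercept_range_m(freq_hz, p["tx_power_dbm"],
                                     p["tx_gain_dbi"] - p["sidelobe_suppression_db"],
                                     p["rx_gain_dbi"], p["rx_sensitivity_dbm"])
    return {"in_beam_m": in_beam, "off_beam_m": off_beam}


def extra_loss_db(freq_hi_hz, freq_lo_hz):
    """Additional free-space loss of the higher band at equal distance: 20*log10(f_hi/f_lo)."""
    return 20.0 * math.log10(freq_hi_hz / freq_lo_hz)


if __name__ == "__main__":
    for label, f in (("3.5 GHz mid-band", 3.5e9), ("28 GHz mmWave", 28e9)):
        r = intercept_ranges(f)
        print(f"{label}: in-beam {r['in_beam_m'] / 1000:.1f} km, "
              f"off-beam {r['off_beam_m'] / 1000:.2f} km")
    print(f"extra loss at 28 GHz vs 3.5 GHz: {extra_loss_db(28e9, 3.5e9):.1f} dB")
```

Two things carry over to real deployments regardless of the assumed numbers: moving from 3.5 GHz to 28 GHz costs 20·log10(8) ≈ 18 dB, which divides the free-space interception range by eight, and a 20 dB sidelobe penalty divides it by another ten. Free space is the optimistic case; blockage, absorption and body loss at mmWave shorten the ranges further.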
VII Conclusion and future work
This survey systematically analyzed the current landscape of passive network attacks in the context of 5G and beyond-5G cellular networks. We reviewed 41 peer-reviewed works, covering attack goals such as traffic classification, app and video identification, and user localization. We classified these works based on their input types (packet sequences, flows, or physical/control-plane data) and analyzed their applicability to next-generation networks.
Our main research question was how feasible and reproducible existing PNAs are when applied to 5G and B5G deployments, and thereby to address public concerns about the security and privacy implications of 5G architectures. The comparative analysis shows that most classical attacks, such as packet-sequence traffic classification and flow-based fingerprinting, are no longer reproducible in 5G, since the required visibility is removed by link-layer (PDCP) encryption, multiplexing, and beamforming. Additional obstacles include the need for specialized SDR hardware, the limited maturity of open-source 5G sniffing tools, and the directional nature of high-frequency links. Nevertheless, recent studies demonstrate that a subset of PNAs exploiting control-plane leaks (e.g., through DCI or RRC analysis) and physical-layer side channels (e.g., RF fingerprinting) remain feasible in 5G, though only with non-trivial expertise and equipment.
In other words, 5G does not eliminate PNAs entirely, but it confines them to research-grade or well-equipped adversaries. Looking forward, the move toward B5G/6G further reduces feasibility: the absence of public sniffers, increasing hardware costs, and added obfuscation mechanisms mean that such attacks are, for now, practically infeasible in these emerging networks.
Limitations
This work is based on a literature-driven feasibility study. We have not yet performed empirical validation in commercial or operational 5G environments due to the limited availability of antennas and suitable passive hardware. Additionally, many published attacks rely on clean or synthetic traces, whereas real-world sniffing introduces noise, packet loss, and multi-flow mixing, factors that are often unaddressed in prior evaluations.
Future work
Our next steps involve testing selected passive attacks on a real 5G testbed. This includes evaluating:
• the impact of beam misalignment and mobility on trace capture,
• the minimum proximity required for successful signal interception, and
• the reproducibility of known classification models in degraded conditions.
In parallel, we plan to explore probabilistic modeling tools such as Hidden Markov Models and finite state machines for application classification under link-layer encryption, where traditional flow-based ML fails due to lack of packet headers. These models may offer resilience to noise and enable inference from sparse metadata.
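As an added example (not code from the survey or its authors), the block below shows the kind of probabilistic classifier described above and, at the same time, the capture-loss effect raised in the discussion of Table V: a discrete Hidden Markov Model per application over link-layer metadata only, with no packet headers, followed by maximum-likelihood classification via the forward algorithm. Everything in it is constructed: the observation alphabet (two quantised PDU-size bins), the two hypothetical application profiles named `interactive` and `bulk`, their transition and emission tables, the sampled traces, and the independent-drop model of an incomplete capture. Pure standard library, no external dependencies.

```python
"""Discrete-HMM application classifier over link-layer metadata.

Added example, not code from the survey. Observations are quantised PDU-size
bins ('S' = small, 'L' = large), as a sniffer might see them under PDCP
encryption with no IP headers. The two application profiles (names,
transition and emission probabilities), the sample traces and the
capture-loss model are all constructed for illustration."""
import math
import random

SYMBOLS = ("S", "L")
SYM_INDEX = {s: i for i, s in enumerate(SYMBOLS)}


def _logsumexp(xs):
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))


def _draw(probs, rng):
    """Sample an index from a discrete distribution."""
    u, acc = rng.random(), 0.0
    for i, p in enumerate(probs):
        acc += p
        if u < acc:
            return i
    return len(probs) - 1


class DiscreteHMM:
    def __init__(self, name, start, trans, emit):
        self.name = name
        self.start = start   # start[i]    = P(first hidden state is i)
        self.trans = trans   # trans[i][j] = P(next state j | state i)
        self.emit = emit     # emit[i][k]  = P(symbol k | state i)

    def log_likelihood(self, obs):
        """Forward algorithm in log space: log P(obs | model)."""
        if not obs:
            return 0.0  # an empty capture carries no evidence for or against
        n = len(self.start)
        alpha = [math.log(self.start[s] * self.emit[s][SYM_INDEX[obs[0]]])
                 for s in range(n)]
        for sym in obs[1:]:
            k = SYM_INDEX[sym]
            alpha = [_logsumexp([alpha[p] + math.log(self.trans[p][s]) for p in range(n)])
                     + math.log(self.emit[s][k]) for s in range(n)]
        return _logsumexp(alpha)

    def sample(self, length, rng):
        """Generate a constructed trace of `length` symbols from this model."""
        state, out = _draw(self.start, rng), []
        for _ in range(length):
            out.append(SYMBOLS[_draw(self.emit[state], rng)])
            state = _draw(self.trans[state], rng)
        return out


# Hypothetical profiles. 'interactive': request/response, sizes alternate.
# 'bulk': long runs of same-sized PDUs. Emission tables are identical, so
# only the ORDERING of sizes separates the two applications.
EMIT = [[0.9, 0.1], [0.1, 0.9]]
MODELS = [
    DiscreteHMM("interactive", [0.5, 0.5], [[0.05, 0.95], [0.95, 0.05]], EMIT),
    DiscreteHMM("bulk", [0.5, 0.5], [[0.9, 0.1], [0.1, 0.9]], EMIT),
]


def classify(obs, models=MODELS):
    """Maximum-likelihood label; ties (e.g. an empty capture) go to the first model."""
    return max(models, key=lambda m: m.log_likelihood(obs)).name


def degrade(obs, drop_rate, rng):
    """Crude capture-loss model: each PDU is missed independently, as under
    beam misalignment or mobility. Ordering of surviving PDUs is preserved."""
    return [sym for sym in obs if rng.random() >= drop_rate]


def accuracy_vs_capture_loss(drop_rates=(0.0, 0.5, 0.9), traces_per_model=20,
                             length=60, seed=7):
    """Classification accuracy on constructed traces at several loss rates."""
    rng = random.Random(seed)
    dataset = [(m.name, m.sample(length, rng))
               for m in MODELS for _ in range(traces_per_model)]
    results = {}
    for p in drop_rates:
        correct = sum(classify(degrade(obs, p, rng)) == label for label, obs in dataset)
        results[p] = correct / len(dataset)
    return results


if __name__ == "__main__":
    for p, acc in accuracy_vs_capture_loss().items():
        print(f"drop rate {p:.1f}: accuracy {acc:.2f}")
```

The design choice worth noting is that the two profiles share the same emission table, so a flow-statistics classifier (size histogram) could not tell them apart at all; the HMM separates them through the transition structure, which is exactly the sparse-metadata signal the text refers to. Because that signal lives in the ordering of consecutive PDUs, it is also what random capture loss destroys: at a 90% drop rate the surviving sequence of a constructed `interactive` trace looks nearly random and accuracy falls well below the clean-capture case.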
In the longer term, our work may contribute to improving both attack resilience in 5G/B5G systems and autonomous traffic classification in data centers and edge networks, including developing DPI alternatives that respect encryption boundaries while ensuring performance and QoS.
Ultimately, this survey lays the groundwork for more realistic, implementation-based evaluations of passive inference risks in next-generation wireless networks. If attacks fail under real-world constraints, 5G can be shown to offer a measurable privacy advantage over LTE. If not, our findings may inform future standards and mitigation strategies.