Surgical Strike on 5G Positioning: Selective-PRS-Spoofing Attacks and Its Defence

As a solution for city-range integrated sensing and communication and intelligent positioning, 5G high-precision positioning is flooding into reality. Nevertheless, the underlying positioning security concerns have been overlooked, posing threats to more than a billion emerging 5G localization applications. In this work, we first identify a novel and far-reaching security vulnerability affecting current 5G positioning systems. Correspondingly, we introduce a threat model, called the selective-PRS-spoofing attack (SPS), which can cause substantial localization errors or even fully-hijacked positioning results at victims. The attacker first cracks the broadcast information of a 5G network and then poisons specific resource elements of the channel. Different from traditional communication-oriented 5G attacks, SPS targets the localization and exerts real-world threats. More seriously, we confirm that SPS attacks can evade multiple latest 3GPP R18 defense, and analyze its great stealthiness from its precise spoofing feature. To tackle this challenge, a Deep Learning-based defence method called in-phase quadrature intra-attention network (IQIA-Net) is proposed, which utilizes the hardware features of base stations to perform identification at the physical level, thereby thwarting SPS attacks on 5G positioning systems. Extensive experiments demonstrate the effectiveness of our method and its good robustness to noise.