Internet of Things (IoT)

More than 100 new implementation vulnerabilities across a wide range of protocols were found: 5G, ZigBee, CoAP, ORAN, BLE etc. Notably 5Ghoul and U-Fuzz (our fuzzing technologies to target any IoT protocol) have uncovered over 24 new 5G implementation vulnerabilities (over 18 with high severity) in major vendor modems such as Qualcomm and MediaTek. For this discovery, the vendors have awarded the group over 40,000 USD bug bounty. Till date 5Ghoul and U-Fuzz remain by far the most promising and open-source technology for 5G UE testing gaining over 760 stars in GitHub (5Ghoul: 660+, U-Fuzz: 100+). These technologies have also been featured widely in various news including Channel News Asia, HackerNews, HackaDay etc.

iTrust IoT project team was one of the pioneers to have been publicly recognized with a CVD. Sni5Gect shows overshadow and injection attacks in 5G NR without needing a rogue base station. This technology found vulnerability in the 3GPP protocol (CVD-2024-0096) affecting the mobile industry.

Three technologies in international conferences:

1. ChatIoT appearing in ACNS’26.
2. ORANClaw presenting at ACM WiSec’26.
3. AirBugCatcher published in ACSAC’24.