PwC has a plan to use 5G network from Aalto University to illustrate possible impact of the some of the EU 5G Toolbox scenarios. Outcome of the failures could be devastating in the real world. It may cause failure of some critical services in the society, or sanctions for the mobile operator, and/or private network user. Due to failure, some of the core parts of the 5G network may be requested to be replaced by the authorities.

The 5G connection is maintained by virtualized network functions called Authorization Management Function (AMF) and Session Management Function (SMF) among others. These functions run in the mobile operator infrastructure. Participants should try to run their own AMF or SMF and replace legitimate network functions and therefore take full control of the communication.

The ultimate goal is to hijack legitimate data sessions with the water pump, simulated wind power plant as fan and light bulb.


Aalto 5G testbed includes all required network functions in order to install a fake network function (either AMF or SMF) that can be obtained from open-source repositories (examples mentioned below).

The malicious network function to be installed and taken into use by the other legitimate network functions.

The task is to find the right connection to the network and use that connection to activate the water pump, fan or light bulb using the fake network function. By using that connection e.g. instruct the network function to stop the connection or restart as they wish in order to demonstrate that the network cannot detect a malicious network function from a non-trusted vendor.

Tools for the challenge

Example libraries for creating fake network functions:

The Prize and how to win it

The one who highjacks control of “water pump” and “power plant” and install fake network function. Progress shall be observed by jury.

The first prize is 5 000 euros reward

The second prize is 3 000 euros reward

The third prize is 2 000 euros reward

How the solutions are judged

The prize will split into three phases where first one will be awarded to those hackers that can break into the virtualized platform where Aalto 5G core is running.

The second phase consists of deploying and running the fake network function in the virtualized platform together with the rest of legitimate network functions.

The third phase is finally achieved when legitimate network functions start using the fake network function to establish and terminate user data sessions.