🤖 AI Summary
This work exposes a critical security vulnerability in 5G network slice allocation stemming from the absence of integrity protection: a malicious gNodeB can launch man-in-the-middle attacks to forge slice requests and hijack UE connections, causing QoS degradation and resource contamination. We propose, for the first time, a stealthy slice forgery attack model that exploits legitimate yet insecure configurations, such as the null-ciphering algorithm 5G-EA0, enabling cross-layer resource scheduling hijacking without triggering core network alarms. Through rigorous threat modeling, risk analysis, and validation on a real-world 5G testbed, we demonstrate that the attack induces systemic resource saturation: bandwidth drops by 95%, end-to-end latency increases by 150%, packet loss exceeds 60%, and UPF CPU utilization reaches 80%. This constitutes a highly stealthy, integrity-based denial-of-service threat. Our findings provide empirical evidence and novel defensive insights for designing integrity mechanisms in 5G network slicing.
📝 Abstract
The advent of 5G networks, with network slicing as a cornerstone technology, promises customized, high-performance services, but also introduces novel attack surfaces beyond traditional threats. This article investigates a critical and underexplored integrity vulnerability: the manipulation of network slice allocation to compromise Quality of Service (QoS) and resource integrity. We introduce a threat model, grounded in a risk analysis of permissible yet insecure configurations such as null-ciphering (5G-EA0), demonstrating how a rogue gNodeB acting as a Man-in-the-Middle can exploit protocol weaknesses to forge slice requests and hijack a User Equipment's (UE) connection. Through a comprehensive experimental evaluation on a 5G testbed, we demonstrate the attack's versatile and severe impacts. Our findings show this integrity breach can manifest as obvious QoS degradation, such as a 95% bandwidth reduction and 150% latency increase when forcing a UE onto a suboptimal slice, or as stealthy slice manipulation that is indistinguishable from benign network operation and generates no core network errors. Furthermore, we validate a systemic resource contamination attack in which redirecting a crowd of UEs orchestrates a Denial-of-Service, causing packet loss to exceed 60% and inducing measurable CPU saturation (~80%) on core network User Plane Functions (UPFs). Based on these results, we discuss the profound implications for Service Level Agreements (SLAs) and critical infrastructure. We propose concrete, cross-layer mitigation strategies for network operators as future work, underscoring the urgent need to secure the integrity of dynamic resource management in 5G networks.