The O-RAN Y1 interface, while enhancing Radio Access Information (RAI) sharing, introduces novel security threats—malicious Y1 consumers can exploit RAI to launch precise, low-duty-cycle selective jamming attacks. Method: This paper proposes the first Y1-based assisted jamming model, integrating DBSCAN clustering and adaptive threshold detection, implemented on a real-world LTE/5G O-RAN over-the-air testbed to achieve efficient and covert jamming. Contribution/Results: Experiments demonstrate that threshold-based jammers reduce transmission duration by 27% under unconstrained conditions, while cluster-based jammers—activated only 25% of the time under resource constraints—induce up to 18.1% user throughput degradation. The study uncovers a fundamental trade-off between jamming efficacy and stealth, providing critical empirical evidence and methodological foundations for O-RAN interface security assessment and defense mechanism design.

The Y1 interface in O-RAN enables the sharing of RAN Analytics Information (RAI) between the near-RT RIC and authorized Y1 consumers, which may be internal applications within the operator's trusted domain or external systems accessing data through a secure exposure function. While this visibility enhances network optimization and enables advanced services, it also introduces a potential security risk -- a malicious or compromised Y1 consumer could misuse analytics to facilitate targeted interference. In this work, we demonstrate how an adversary can exploit the Y1 interface to launch selective jamming attacks by passively monitoring downlink metrics. We propose and evaluate two Y1-aided jamming strategies: a clustering-based jammer leveraging DBSCAN for traffic profiling and a threshold-based jammer. These are compared against two baselines strategies -- always-on jammer and random jammer -- on an over-the-air LTE/5G O-RAN testbed. Experimental results show that in unconstrained jamming budget scenarios, the threshold-based jammer can closely replicate the disruption caused by always-on jamming while reducing transmission time by 27%. Under constrained jamming budgets, the clustering-based jammer proves most effective, causing up to an 18.1% bitrate drop while remaining active only 25% of the time. These findings reveal a critical trade-off between jamming stealthiness and efficiency, and illustrate how exposure of RAN analytics via the Y1 interface can enable highly targeted, low-overhead attacks, raising important security considerations for both civilian and mission-critical O-RAN deployments.