The BugBash initiative: A collaborative security endeavour
In October 2025, Deutsche Telekom and Bugcrowd brought together nine professional security researchers from six countries for an extraordinary experiment in cybersecurity. The goal: to exploit a live 5G network set up just for testing, and try to bring it down. The event – held at Deutsche Telekom’s headquarters in Bonn, builds on multiple years of successful BugBash events Bugcrowd designed with T-Mobile US to strengthen defenses against cybercriminals and better protect customers, employees, and data.
Why cybersecurity is critical for 5G
5G technology is the backbone of our hyper-connected society, reaching far beyond mobile communications into critical sectors – from healthcare and manufacturing to logistics, ports and airports, and large-scale processing industries. As the attack surface increases, cybersecurity becomes paramount – not just for operational reliability, but to safeguard the very foundation of digital economies and societies. The complexity of 5G architecture, with features like network slicing, distributed edge deployments, and cloud-native designs, demands proactive resilience.
At Ericsson, we see cybersecurity not as an add-on, but as a core design principle. Protecting the integrity, confidentiality, and availability of data across such a complex environment requires continuous testing and a proactive mindset. Through initiatives like the BugBash, Ericsson reinforces its "secure-by-design" philosophy.
Real-world testing – beyond the lab
Traditional lab-based testing remains essential for validating network security under controlled conditions, but it cannot fully replicate the dynamics of real-world networks. The BugBash provided exactly that: an unpredictable, high-intensity environment where diverse teams of security researchers applied creative, unconventional attack methods. Their task was to probe a dedicated, private 5G standalone (SA) network built on Ericsson’s Private 5G (EP5G) solution – isolated from any commercial network yet replicating realistic enterprise use cases.
For five days, the teams tested across three attack vectors – physical, remote, and via antenna – with full freedom to explore potential weaknesses. Ericsson’s Private 5G solution played a central role in the event, complemented by a dedicated team of engineers and security specialists onsite to provide support.
Validating resilience through open collaboration
The results were both reassuring and instructive. Deutsche Telekom’s CISO Dr. Stefan Pütz noted that while some services were disrupted, the built-in security controls “proved surprisingly strong.”
The participating researchers showcased advanced techniques attackers could use to target 5G infrastructure – from crafting custom software-defined radio antennas to intercept signals, to identifying encryption vulnerabilities through hardware ports. Despite these challenges, Ericsson’s security controls demonstrated exceptional resilience under diverse simulated attacks from multiple vectors – leaving the team of security researchers unable to gain unauthorized access or extract any sensitive information.
Core protection mechanisms – such as authentication, encryption, and traffic management – performed exceptionally well under stress, validating our secure-by-design approach, adequate product hardening, and continuous investment in robust, proactive defense – fully aligned with enterprise-grade expectations.
Security is a team effort
Cybersecurity in telecom is inherently collaborative. Events like BugBash highlight the importance of bringing diverse perspectives into cybersecurity testing. Working alongside security researchers revealed new attack patterns and tools, broadening Ericsson’s understanding of security challenges and strengthening its internal security practices.
The collaboration extended beyond equipment and testing; the event with Deutsche Telekom, T-Mobile US, and Bugcrowd not only enhanced technical learning but also deepened our shared commitment to safeguarding 5G networks across regions. The findings confirmed the robustness of Ericsson’s security design principles while offering valuable insights for enhancing future 5G products and frameworks – principles that are continuously adapted to meet the evolving security needs of the enterprise world.
What’s next for 5G security?
The BugBash in Bonn was a unique event – and a strong reflection of Ericsson’s ongoing commitment to strengthening cybersecurity practices. By continuously evolving our defenses with real-world insights, we ensure our technology remains resilient against emerging threats. Follow-up tests and innovative initiatives are already on Ericsson’s roadmap: we plan to expand our collaboration with operators and security researchers worldwide.
Ericsson’s participation in the BugBash event reinforced two key principles: security is a shared responsibility across the telecom ecosystem, and innovation thrives on collaboration. As industries and societies increasingly rely on 5G networks, strengthening cybersecurity through continuous testing and cooperation is crucial. The BugBash exemplifies Ericsson’s dedication to protecting tomorrow’s connected world – fostering an open ecosystem that is built on transparency, innovation, and trust.
Read more
Telecom security for a safer connected world
Transforming enterprise security with private 5G
Cybersecurity Testing and Certification
Learn how network slicing enables customized connectivity with assured performance for enterprise, consumer and industry-specific services.
