atum@Tencent % ls -l | grep wireless-security
In today's digital era, wireless communication technologies such as 5G, 4G, and Wi-Fi have become essential infrastructure in our daily lives. These networks commonly employ advanced encryption protocols that theoretically provide effective protection for user communications. However, recent research findings published at EuroS&P 2025 by our Tencent Xuanwu Lab in collaboration with Professor Chen Jianjun's team from Tsinghua University have revealed a new security vulnerability called LenOracle. This research demonstrates that attackers can exploit radio frame length information as a side channel to hijack TCP/UDP connections in encrypted networks without breaking the wireless encryption. We conducted tests in real commercial LTE networks and Wi-Fi environments, successfully injecting a forged short message into a victim device in TCP scenarios and polluting the victim device's DNS cache in UDP scenarios, demonstrating the potential destructive power of this attack on critical network services.
Last night, I came across an article in a WeChat group about how a family member's phone was stolen, and criminal gangs used the SIM card (primarily SMS verification codes) as their entry point to launch a series of attacks. Although the author took timely remedial measures, these attacks still caused significant losses to the victim, such as unauthorized micro-loans. I reflected on why this attack succeeded and how to defend against such attacks, and I'm sharing my thoughts here.