Industrial 5G user equipment (UE), such as robotic systems, lacks comprehensive, automated security assessment methodologies. Method: This paper proposes the first end-to-end automated security testing framework for industrial 5G UEs. It jointly verifies the correctness of high-layer security protocols (e.g., TLS) and conformance to 3GPP protocol stack specifications, integrating protocol fuzzing, specification-compliance checking, TLS handshake behavior analysis, and a plugin-based extensible engine. Contribution/Results: Unlike fragmented existing approaches, our framework enables integrated, full-stack security validation of industrial UEs. Experimental evaluation demonstrates its effectiveness in identifying diverse protocol implementation flaws and configuration deviations, achieving significantly improved test coverage and execution efficiency. To the best of our knowledge, this work is the first to bridge the critical gap in holistic security evaluation of industrial 5G endpoints.

With the ongoing adoption of 5G for communication in industrial systems and critical infrastructure, the security of industrial UEs such as 5G-enabled industrial robots becomes an increasingly important topic. Most notably, to meet the stringent security requirements of industrial deployments, industrial UEs not only have to fully comply with the 5G specifications but also implement and use correctly secure communication protocols such as TLS. To ensure the security of industrial UEs, operators of industrial 5G networks rely on security testing before deploying new devices to their production networks. However, currently only isolated tests for individual security aspects of industrial UEs exist, severely hindering comprehensive testing. In this paper, we report on our ongoing efforts to alleviate this situation by creating an automated security testing framework for industrial UEs to comprehensively evaluate their security posture before deployment. With this framework, we aim to provide stakeholders with a fully automated-method to verify that higher-layer security protocols are correctly implemented, while simultaneously ensuring that the UE's protocol stack adheres to 3GPP specifications.