The Security Missing From 5G
For all of the excitement about the coming 5G mobile networks, there are a few words of caution from security experts.
There's a lot of excitement over how the upcoming 5G network will offer super-fast speeds and virtually no latency to everyone using it.
Businesses are particularly hopeful that the greater capacity 5G offers will let them reliably use more bandwidth-intensive apps simultaneously. The increased potential of the network will also likely facilitate better product development and more productive processes.
However, in their eagerness to adopt the service, individuals and businesses must not overlook security concerns.
Researchers found issues with the 5G communication standards
A team of researchers discovered issues with the 5G security protocol, known as Authentication and Key Agreement (AKA). They uncovered the shortcomings when using Tamarin, a tool considered among the most effective options for examining cryptographic protocols. The AKA is a standard associated with a communications protocol organization called the 3rd Generation Partnership Project (3GPP).
The type of AKA associated with 5G should ensure that a device and a 5G network can authenticate each other while maintaining a confidential data exchange and keeping the user's identity and location private. However, the researchers say, in its current state, the AKA could not fulfill those security aims because the requirements it sets forth are not sufficiently precise.
The team of researchers emphasized their belief that the AKA security for 5G would be superior to the AKA used in 3G and 4G network protocols. It still has gaps, though, including one that shows a phone's presence in the vicinity without disclosing its owner's identity. Moreover, this vulnerable version of the AKA could result in a person getting wrongfully charged for a third party's usage of the 5G network.
The published paper about these findings recommends fixes. They include explicitly requiring intended security properties currently missing from the AKA and modifying the key-confirmation component so it offers a provably secure solution. Overall, the researchers say the AKA does not adequately protect privacy from active attackers but admit remedying that problem would not be straightforward.
In an attempt to implement more security in the AKA, the researchers have reached out to 3GPP and hope to engage in a joint effort to improve the protocol before 5G's widespread rollout. Also, the European Union Agency for Network and Information Security, or ENISA, released a different report warning that identified flaws with signaling protocols on the 2G, 3G and 4G networks could appear in the 5G network.
DDoS and SIM card attacks could be more severe
Findings from Ericsson show there could be 3.5 billion Internet of Things units by 2023 — equalling five times the number of connected devices used now. Additionally, the company forecasts that 5G networks will spur the growth of Internet-connected devices.
People became familiar with the security weaknesses of IoT devices when cybercriminals first targeted them with distributed denial of service attacks several years ago.
An insecure 5G network sets the stage for increasingly widespread attacks due to 5G's high-speed bandwidth, which increases the available attack points. It's not difficult to imagine a business using IoT sensors within a factory setting and getting shut down due to a DDoS attack.
Chip architecture company Arm is working on a software stack that would let IoT devices run with SIM card chips, thereby making them similar to smartphones with mobile data plans. Then, it would not be necessary to connect IoT devices via Wi-Fi. However, hackers can attack SIM cards and make them unusable. They can also distribute malware through text messages during SIM card attacks.
It's too soon to say whether hackers will exploit SIM vulnerabilities in IoT devices that may eventually include them, but the possibility is there. In any case, it's evident that the opportunities 5G offers could spur hackers' efforts to launch increasingly devastating attacks using methods people already know, as well as wholly new techniques.
Some risks aren't yet apparent
“5G doesn’t necessarily changes the risk factors we have today,” says Tom Lally, vice president of sales for data storage and management company, DataSpan, Inc. “But it is going to exponentially increase the threat vectors and opportunities for attackers to exploit.”
“5G is going to enable businesses to connect more and more devices at higher speeds so more data can be consumed at much faster rates,” he says. “Thus, increasing the capacity and data flows in and out of the datacenter. So if you have more devices connected and more traffic flows, then you have more potential vulnerabilities derived from the increase in new vectors.”
“It’s going to become more important than ever to have proper monitoring, be able to identify attacks once inside, and have the capability to respond effectively, to remediate any potential issue,” says Lally. “At the end of the day, you’re still looking for anomalies, you’re just going to have more. So the ability to swiftly identify and respond will be critical to minimizing risk.”
It is both valuable and admirable that researchers endeavored to bring the security concerns mentioned here to light. However, it's crucial for people to remember that 5G is a pioneering technology. Besides these potential problems, there are inevitable risks not anticipated yet in these early stages.
Conversely, there are unforeseen benefits that are more specific than the advantages so often highlighted in media coverage of the 5G network. For example, some of the inventions people rely on soon might not have been possible to develop on older networks. In order to enjoy all those advantages to the fullest, it's necessary to continually prioritize 5G network security.
About the Author
You May Also Like