5G Security: Possible Risks & Challenges

Uploaded on 2020-04-15 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-5G Networks, TECHNOLOGY--Developments

5G is taking the world by storm. This game-changing technology takes mobile connectivity to a whole new level by introducing jaw-dropping speeds and low latency. Furthermore, its network capacity can reach a million devices per square kilometer, which is ten times the maximum number supported by 4G. 

Whereas the dramatic change in the millimeter-wave frequency spectrum used by 5G compared to its predecessor doesn’t really explain anything to the average person, there are tangible benefits that make a difference and can be noticed with the naked eye.

The speeds can reach 2Gbit/s at the dawn of 5G deployment and will theoretically grow to 100Gbit/s as the technology evolves. That’s up to 100 times faster than 4G. Reduced latency is another breakthrough, allowing data to arrive at its destination about five times quicker.

A simple example of how this improves the user experience is that there is absolutely no buffering time when watching a 4K quality video on a mobile device. Uploading and downloading gigabytes of data is a matter of mere seconds in 5G networks, which transforms the way users interact with numerous cloud-based services. Also, wirelessly connected entities constituting the Internet of Things (IoT), including self-driving cars and smart home appliances, will be able to operate reliably and seamlessly. An extra factor on the plus side of 5G is that people can enjoy fully-fledged connectivity in places where cable modem and Wi-Fi are unavailable.

Having started with field testing and somewhat scattershot regional roll-outs in 2019, the deployment of 5G is currently accelerating around the globe.

In the United States, the European Union, and East Asia, the process of launching next-generation commercial networks is in full swing, occasionally taking place ahead of schedule.To keep up with this telco evolution, all major smartphone manufacturers have already released devices that support 5G. Furthermore, market analysts predict that these gadgets will account for 15% of all global smartphone shipments in 2020. Aside from smartphones, a plethora of different IoT solutions will be heavily relying on high-speed connectivity in the near future.

The booming 5G tech is gradually shaping up to be the mainstay of digital economies going forward. When there is so much at stake, governments and service providers need to make sure the network deployment is flawless in terms of security.

Cybercriminals will undoubtedly look for ways to compromise the emerging communication protocols and thereby orchestrate massive data breaches. The concerns escalate in light of the tightening connection between 5G and ubiquitous cloud computing.

The government-level 5G risk assessment process is now underway in the EU. A report released by the member states singles out the security and privacy pitfalls that may accompany fifth-generation network rollouts. Below is a summary of the experts’ findings.

5G Vendor Monopoly Issue
One of the key points expressed in the report is that the EU will have to rely on a single manufacturer of network equipment, the Chinese vendor Huawei. Despite the fact that the name of this technology company isn’t directly mentioned in the document, the implied cooperation is common knowledge.The potential problems stemming from the monopoly position of the supplier include a possible lack of equipment, dependence on the contractor’s commercial welfare, and cyber-attacks targeting its digital infrastructure. The recent outbreak of the coronavirus in China could become an additional factor undermining mainstream 5G deployment.

Researchers emphasize that such a collaboration has a single point of failure. The manufacturer can be subject to economic sanctions or other forms of commercial pressure. A hypothetical merger or acquisition scenario may also prevent the company from following its obligations.

One more thing to consider is that there are close ties between the vendor and the government of the state it’s headquartered in. This can be a source of politically-motivated tampering with the company’s business processes. Moreover, the scarcity of data protection commitments shared by the EU and the country of the supplier’s origin is yet another possible obstacle to a hassle-free partnership.

According to the European Union, an increasingly strong link between the EU member states’ telecommunication networks and third-party software underlying them is a serious threat as well. Since the vendor will have a significant scope of access to all the data in transit, malicious actors will be tempted to hack these solutions and intercept the information.

Other Stumbling Blocks 
In addition to the solo vendor issue that implies a major dependency on third-party telco gear and applications, secure 5G implementation may also be hampered by quite a few more circumstances revolving around the technical nature of these systems. Here is the lowdown on these vulnerabilities.

● A greater number of attack vectors
The growing role of software in fifth-generation networks is deemed as one of their weak links. It makes them highly susceptible to compromise that piggybacks on security loopholes, including zero-day exploits that may be unearthed down the road. Such imperfections can become a launchpad for cyber incursions that will allow an adversary to gain a foothold in different tiers of the 5G network architecture. The potential outcomes can range from man-in-the-middle (MITM) attacks to large-scale disruption of the services based on wireless connectivity.

For instance, malefactors may insert a backdoor into an application involved in the 5G implementation chain. To do it, they can take advantage of a known or undocumented vulnerability arising out of the supplier’s poor software development practices. Aside from that, a phishing hoax might be used to wheedle out the sensitive credentials of the software engineers and thereby get unauthorized access to the application. The backdoor will allow the attackers to modify the program’s behavior, deposit malware, or steal users’ data.

Cybercriminals may also try to execute an ARP spoofing attack against a mobile carrier’s IT network by flooding it with rogue Address Resolution Protocol packets. This way, the MAC address of the attacker’s device will become associated with the IP address of the default gateway in the telco service provider’s network. In plain words, the threat actor will be able to impersonate a trusted user to intercept, change, or stop any traffic intended for that IP address.
Distributed denial-of-service (DDoS) attacks pose a growing risk to 5G networks and the entities relying on them. According to Statista, the total number of IoT devices in use worldwide will reach 75 billion by 2025, up from 30 billion in 2020. This ecosystem will be expanding dramatically and so will botnets that harness crudely secured IoT devices to fuel massive DDoS incursions targeting major web services.

As a matter of fact, incidents like that have already occurred in the past. The notorious Mirai malware outbreak in 2016 demonstrated how disruptive this attack vector can get. The infection enslaved more than 600,000 unprotected CCTV cameras and routers to execute a series of 1 Tbps DDoS raids. With the rapidly increasing number of 5G-enabled smart gadgets, the likes of Mirai will be booming and the issue will undoubtedly escalate.

● Network slicing security needs an overhaul
5G is expected to bolster the functioning of virtualized ecosystems referred to as “slices,” which host critical services and utilities used by businesses and government networks. Providing proper security of these independent logical networks that reside within the same physical infrastructure is an increasingly serious challenge. Experts have yet to develop effective mechanisms for isolating these slices in the all-new 5G paradigm to thwart data leaks and other forms of intrusions.

●  Meager software update procedures
As previously mentioned, next-generation wireless networks will depend on software to a much bigger extent than the predecessors did. Obviously, seamless application maintenance practices are going to be the pivot of their uninterrupted operation. In particular, software update management will need to catch up with security issues in terms of vulnerabilities and technical bugs and address these flaws before threat actors add them to their repertoire.

● Obsolete standards
Aligning the peculiarities of 5G networks with international and state-level security regulations is a work in progress. The protocols developed by the 3rd Generation Partnership Project (3GPP) organization, which are currently in effect, extensively cover requirements for earlier mobile telephony systems (GSM, UMTS, and LTE) but don’t fully embrace all aspects of 5G standardization at this point. Elaborating the entirety of new security regulations is a matter of trial and error combined with in-depth research that has yet to be conducted.

● Lack of trained personnel
As promising as it is, the 5G technology is also a Pandora’s box filled with opportunities for cybercriminals who will definitely explore it for weaknesses. With that said, the security industry should work proactively to stay on top of new methods as they complement the malefactors’ toolkit. An important prerequisite for bridging this imminent gap is to nurture the expertise of security professionals so that they can identify and fix network imperfections by means of penetration testing and other techniques.

The personnel will need to collaborate more tightly with software suppliers to get a profound understanding of how the new applications work and what exploitation mechanisms they are potentially susceptible to. Furthermore, penetration testers who think like attackers can probe the IT infrastructure of 5G providers and contractors for weaknesses by orchestrating trial network incursions. This will allow the industry to prioritize the areas that need urgent improvement in terms of security.

Final thoughts
5G will become one of the core elements of the global digital economy in the years to come. Therefore, securing these high-tech networks is a top priority for governments and all the parties involved in the deployment workflow. Hopefully, the white hats will team up and succeed in staying one step ahead of the adversaries to make sure people benefit from this awesome technology to the fullest.

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. He runs Privacy-PC.com.
 
You Might Also Read: 
 

The US Has A New 5G Security Strategy:

 

 

« Cyber Resilience Benchmarks - Missed
Japan's New AI-Based Cyber Defence System »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

SafeCharge

SafeCharge

SafeCharge is a global provider of technology-based multi-channel payments services and risk management solutions for demanding businesses.

Gita Technologies

Gita Technologies

Gita Technologies works to create integrated solutions to the thorniest problems in the field of intelligence and cyber today.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

Cyber Police of Ukraine

Cyber Police of Ukraine

Cyber Police of Ukraine is a law enforcement agency within the the Ministry of Internal Affairs of Ukraine dedicated to combating cyber crime.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Sonrai Security

Sonrai Security

Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

Siren

Siren

Siren provides the leading Investigative Intelligence Platform to some of the world’s leading Law Enforcement, National Security and Cyber threat investigators.

PDI Technologies

PDI Technologies

PDI Technologies helps convenience retail and petroleum wholesale businesses around the globe increase efficiency and profitability by securely connecting their data and operations.