Happy Days Ahead For 5G Hackers

The fifth-generation mobile network is now live, with download speeds almost 10 times faster than current rates, and it is altering current connections and communications. 5G’s stronger encryption of data and better verification of network users are widely considered to be a significant improvement on 4G. But these new speeds also offer criminal hackers more potential for theft and attack.

A group of academic researchers from the University of Iowa and Purdue University has found new security problems in 4G and 5G, which could be used to intercept and track the phone calls and locations of cell phone users.

“Our paper sheds light on an inherent design weakness of the 4G/5G cellular paging protocol which can be exploited by an attacker to not only obtain the victim’s paging occasion but also to identify the victim’s presence in a particular cell area just from the victim’s soft-identity (phone number, Twitter ID) with a novel attack called ToRPEDO,” say the researchers.

ToRPEDO, short for Tracking via Paging mEssage DistributiOn, is an attack that identifies where a potential victim is located.

The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as “stingrays.” But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users.

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch.

Experts say that the weak link in 5G’s security is likely to be communication between devices connected to the Internet. The problem is likely to arise from connections made through the Internet of Things, which can compromise the security of 5G technology through the use of fake mobile base stations to steal information.

These devices, collectively known as the Internet of Things (IoT), in which everything from cars and factory assembly lines to baby monitors and traffic lights has embedded internet-connected sensors, are growing fast in number. The number of internet-connected items will grow from 14.2bn to 25bn by 2021, according to Gartner.

As IoT devices connect to 5G networks, they could prove a tempting target for hackers and criminals. Experts say that security can be patchy for some IoT devices, especially low-cost and low-powered items. Hackers can use technology to scan hundreds of thousands of devices for weak security, such as those with the default passwords, “admin”, “guest” or “password”, that they were sold with.

Criminals have already exploited IoT devices, most notably in the “Mirai botnet” cyber-attack in 2016 when hundreds of thousands of cameras, routers and digital video recorders were used to bring down websites including Twitter, Spotify and the New York Times.

The criminals used two common types of cyber-attack: a “botnet”, which takes control of internet-connected devices and uses them as weapons in a cyber-attack; and a “distributed denial of service” (DDoS), which overwhelms a network or website with more messages than it can handle. When hackers or criminals break into a device connected to 5G, the network’s speed will mean that they can extract and download information, including personal data and customer information, much faster than before.

Because IoT devices connect directly to the mobile internet, hackers will not have to circumvent the more stringent security of home or corporate networks.

There is also a risk that homes using 5G could become more vulnerable, experts say, if the security software of fridges, smoke alarms and other “smart” devices connected to the internet is not updated. Companies may also face security headaches if employees use 5G networks rather than their corporate networks to send confidential data.

FT.com, TechCrunch, DocumentCloud, WeissRatings
