Happy Days Ahead For 5G Hackers

Uploaded on 2019-10-24 in TECHNOLOGY-Key Areas-5G Networks, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Developments, TECHNOLOGY--Hackers

The fifth-generation mobile network is now live and it has downloads speeds almost 10 times faster than current rates and it is altering current connections and communications. 5G’s stronger encryption of data and better verification of network users are widely considered to be a significant improvement on 4G. But these new speeds also offer criminal hackers with more theft and attack potential.  

A research group academics from the University of Iowa and Purdue University, have found new security problems in 4G and 5G, which could be used to intercept and track the phone calls and locales of cell phone users.

“Our paper sheds light on an inherent design weakness of the 4G/5G cellular paging protocol which can be exploited by an attacker to not only obtain the victim’s paging occasion but also to identify the victim’s presence in a particular cell area just from the victim’s soft-identity, 9phone number, Twitter ID)  with a novel attack called ToRPEDO.” say the researchers.

ToRPEDO is tracking via paging and messaging and distribution – Tracking via Paging mEssage DistributiOn attack which identifies where a potential victim is located. 

The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as “stingrays.” 
But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users.

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch. 

Experts say that the weak link in 5G’s security is likely to be communication between devices connected to the Internet.  The problem is likely to occur because of the connections through the Internet of Things  which compromises the security of 5G technology via the employment of fake mobile base stations to steal information. 

These devices, known as the Internet of Things (IoT), where everything from cars and factory assembly lines to baby monitors and traffic lights have embedded internet-connected sensors, are growing fast. The number of internet-connected items will grow from 14.2bn to 25bn by 2021, according to Gartner.

As IoT devices connect to 5G networks, they could prove a tempting target for hackers and criminals. Experts say that security can be patchy for some IoT devices, especially low-cost and low-powered items. Hackers can use technology to scan hundreds of thousands of devices for weak security, such as those with the default passwords, “admin”, “guest” or “password”, that they were sold with.

Criminals have already exploited IoT devices, most notably in the “Mirai botnet” cyber-attack in 2016 when hundreds of thousands of cameras, routers and digital video recorders were used to bring down websites including Twitter, Spotify and the New York Times.

The criminals used two common types of cyber-attack: a “botnet”, which takes control of internet-connected devices and using them as weapons in a cyber-attack; and a “distributed denial of service” (DDOS), which overwhelms a network or website with more messages than it can handle. When hackers or criminals break into a device connected to 5G, the network’s speed will mean that they can extract and download information, including personal data and customer information, much faster than before.

Because IoT devices connect directly to the mobile internet, hackers will not have to circumvent the more stringent security of home or corporate networks.

There is also a risk that homes using 5G could become more vulnerable, experts say, if security software of fridges, smoke alarms and other “smart” devices connected to the internet is not updated. Companies may also face security headaches if employees use 5G networks rather than their corporate networks to send confidential data. 

FT.com          Techcrunch:        Documentcloud:        WeissRatings

You Might Also Read: 

5G Needs A New Generation Of Security:

Cybersecurity  And The EU's Regime For 5G Networks:

 

« E-Passports Can Be Remotely Hacked
The Cyberthreat Handbook »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

DFI

DFI

DFI is a global leading provider of high-performance computing technology across multiple embedded industries.

Amadeus Capital Partners

Amadeus Capital Partners

Amadeus Capital Partners offers over 20 years’ experience in technology investment. Our areas of focus include AI & machine learning and cyber security.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.

Cyber Legion

Cyber Legion

Cyber Legion Ltd is a UK-based Cyber Security as a Service (CSaaS) start-up that provides IT security testing services to various organizations around the globe.

OneZero Solutions

OneZero Solutions

OneZero specialize in cybersecurity operations, information assurance, computer network operations, solutions engineering, and project management.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

Radix Technologies

Radix Technologies

Radix offer end-to-end device management solutions, consolidating all the organization devices, processes and stakeholders into one easy-to-use management platform.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

BARR Advisory

BARR Advisory

At BARR Advisory, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.