Security Risks In 5G Mobile

Uploaded on 2023-01-03 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-5G Networks

5G is a shorthand term that stands for the fifth generation of wireless cellular networks. With 5G networks, billions of devices and the Internet of Things (IoT) are interconnectible, leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. 

The potential applications are widely considered to be almost without limit. However, the massive potential and almost unlimited connectivity bring many challenges, not least are the security capabilities which are a critical element for 5G's success. The baseline is that 5G networks are not secure by design.

Firms setting up private 5G networks must design and install appropriate tools to encrypt sensitive message traffic, block IT attacks against x86-based servers, and protect OT protocols and equipment from tampering. The US National Security Agency (NSA) has now issued a report outlining the cyber security threats related to mobile broadband 5G network slicing. 

Network slicing allows operators to bring together several network attributes or components, potentially across multiple operators, which support specific applications or services for 5G users.

While efficient for delivering services, 5G network slicing casts a wide threat net that includes potential weak points in policy and standards, the supply chain as well as other issues. "Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper," according to the NSA report. 

Potential threats include denial of service (DoS), man-in-the-middle (MitM) attacks, and configuration attacks, it added.

The NSA, along with the Cybersecurity and Infrastructure Security Agency (CISA), assembled members of the public and private sectors to address 5G slicing security concerns. The 5G cyber security report looks toward how the architecture will play a role in enabling emerging technologies, including autonomous vehicles, and how to secure it. With these additions and changes, however, new security risks and additional attack surfaces must be addressed.

5G Security Risks 

Increased attack surface:   With millions and even billions more connected devices, 5G makes it possible for larger and more dangerous attacks. Current and future vulnerabilities of the existing internet infrastructure are only exacerbated. The risk of more sophisticated botnets, privacy violations, and faster data extraction can escalate with 5G.

More IoT, more problems:   IoT devices are inherently insecure; security is often not built-in by design. Each insecure IoT device on an organization’s networks represents another potential hole that an attacker can expose.

Decreased network visibility:   With 5G, our networks will only expand and become more usable by mobile users and devices. This means much more network traffic to manage. But without a robust wide area network (WAN) security solution like Secure Access Service Edge (SASE) in place, companies may not be able to gain the network traffic visibility required to identify abnormalities or attacks.

Increased supply chain and software vulnerabilities:   Currently and for the foreseeable future, 5G supply chains are limited. Vulnerabilities exist, particularly as devices are rushed to market, increasing the potential for faulty and insecure components. 

Data collection:   This is another major concern for 5G users. Virtually all smartphone applications require users' personal information before or during installation. 

App and software developers rarely mention how and where that data is stored and what it is going to be used for. 5G networks have no physical boundaries and use cloud-based data storage.  Consequently, 5G operators cannot protect or control user data stored in cloud environments. 

As each country has different levels of privacy measures and enforcement, user privacy is seriously challenged if and when the data is stored in the cloud of a different country.  Compared to traditional mobile networks, 5G is also more reliant on software, which elevates the risk of exploitation of the network infrastructure.

NSA:     Trend Micro:        Nokia:      Kaspersky:      ATT:       Dark Reading

You Might Also Read: 

Smartphones Are More Vulnerable Than You Think:

 

« Biden Signs Quantum Cyber Security Act
Multi-Factor Authentication Is No Shortcut To Cyber Resilience »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

Cyberwatch

Cyberwatch

Cyberwatch is a Vulnerability Scanner & Fixer software that helps you to detect and fix the vulnerabilities of your Information System.

MNCERT/CC

MNCERT/CC

MNCERT/CC is the national Computer Emergency Response Team for Mongolia.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Fulcrum Technology Solutions

Fulcrum Technology Solutions

The Fulcrum team of technologists are recognized experts in the fields of IT Infrastructure Technology, Security, Service Management and Support.

CipherStash

CipherStash

CipherStash is a complete data governance and breach prevention platform.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.

runZero

runZero

runZero delivers the most complete security visibility possible, providing you the ultimate foundation for successfully managing exposures and compliance.

Hopper Security

Hopper Security

The Future of Open-Source Risk Management Starts Here. We built Hopper to make sure you can harness the power of Open-Source safely and effectively.