Security Risks In 5G Mobile

Uploaded on 2023-01-03 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

5G is a shorthand term that stands for the fifth generation of wireless cellular networks. With 5G networks, billions of devices and the Internet of Things (IoT) are interconnectible, leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. 

The potential applications are widely considered to be almost without limit. However, the massive potential and almost unlimited connectivity bring many challenges, not least are the security capabilities which are a critical element for 5G's success. The baseline is that 5G networks are not secure by design.

Firms setting up private 5G networks must design and install appropriate tools to encrypt sensitive message traffic, block IT attacks against x86-based servers, and protect OT protocols and equipment from tampering. The US National Security Agency (NSA) has now issued a report outlining the cyber security threats related to mobile broadband 5G network slicing. 

Network slicing allows operators to bring together several network attributes or components, potentially across multiple operators, which support specific applications or services for 5G users.

While efficient for delivering services, 5G network slicing casts a wide threat net that includes potential weak points in policy and standards, the supply chain as well as other issues. "Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper," according to the NSA report. 

Potential threats include denial of service (DoS), man-in-the-middle (MitM) attacks, and configuration attacks, it added.

The NSA, along with the Cybersecurity and Infrastructure Security Agency (CISA), assembled members of the public and private sectors to address 5G slicing security concerns. The 5G cyber security report looks toward how the architecture will play a role in enabling emerging technologies, including autonomous vehicles, and how to secure it. With these additions and changes, however, new security risks and additional attack surfaces must be addressed.

5G Security Risks 

Increased attack surface:   With millions and even billions more connected devices, 5G makes it possible for larger and more dangerous attacks. Current and future vulnerabilities of the existing internet infrastructure are only exacerbated. The risk of more sophisticated botnets, privacy violations, and faster data extraction can escalate with 5G.

More IoT, more problems:   IoT devices are inherently insecure; security is often not built-in by design. Each insecure IoT device on an organization’s networks represents another potential hole that an attacker can expose.

Decreased network visibility:   With 5G, our networks will only expand and become more usable by mobile users and devices. This means much more network traffic to manage. But without a robust wide area network (WAN) security solution like Secure Access Service Edge (SASE) in place, companies may not be able to gain the network traffic visibility required to identify abnormalities or attacks.

Increased supply chain and software vulnerabilities:   Currently and for the foreseeable future, 5G supply chains are limited. Vulnerabilities exist, particularly as devices are rushed to market, increasing the potential for faulty and insecure components. 

Data collection:   This is another major concern for 5G users. Virtually all smartphone applications require users' personal information before or during installation. 

App and software developers rarely mention how and where that data is stored and what it is going to be used for. 5G networks have no physical boundaries and use cloud-based data storage.  Consequently, 5G operators cannot protect or control user data stored in cloud environments. 

As each country has different levels of privacy measures and enforcement, user privacy is seriously challenged if and when the data is stored in the cloud of a different country.  Compared to traditional mobile networks, 5G is also more reliant on software, which elevates the risk of exploitation of the network infrastructure.

NSA:     Trend Micro:        Nokia:      Kaspersky:      ATT:       Dark Reading

You Might Also Read: 

Smartphones Are More Vulnerable Than You Think:

 

« Biden Signs Quantum Cyber Security Act
Multi-Factor Authentication Is No Shortcut To Cyber Resilience »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Reblaze Technologies

Reblaze Technologies

Reblaze provides the world’s best security technologies in a cloud-based website security platform.

Telia Cygate

Telia Cygate

Cygate are specialists in information security, data networks, and data centre and cloud technologies.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

MACH37

MACH37

MACH37 is a market-centric cybersecurity accelerator program designed to facilitate the creation of the next generation of cybersecurity product companies.

Clym

Clym

Clym is the data privacy platform that helps organisations meet their data protection obligations. Cookies, Consent, Requests, Policies and more are all managed in a secure and adaptive application.

Ioetec

Ioetec

Ioetec's mission is to connect users to their IoT devices securely, ensuring these devices remain safe to use in our increasingly connected world.

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

Shevirah

Shevirah

Shevirah specializes in products for automated mobile and IoT device vulnerability assessment, penetration testing, and mobile security awareness training.

3i Infotech

3i Infotech

3i Infotech offers consulting & professional services to assess, design and build next gen IT infrastructure, and managed services to operate, optimize and continuously improve.

Cyber Insurance Academy

Cyber Insurance Academy

Cyber Insurance Academy was founded to provide insurance professionals with the knowledge needed to work in cyber-insurance and cyber-related insurance fields.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.