Security Risks In 5G Mobile

5G is a shorthand term that stands for the fifth generation of wireless cellular networks. With 5G networks, billions of devices and the Internet of Things (IoT) are interconnectible, leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. 

The potential applications are widely considered to be almost without limit. However, the massive potential and almost unlimited connectivity bring many challenges, not least are the security capabilities which are a critical element for 5G's success. The baseline is that 5G networks are not secure by design.

Firms setting up private 5G networks must design and install appropriate tools to encrypt sensitive message traffic, block IT attacks against x86-based servers, and protect OT protocols and equipment from tampering. The US National Security Agency (NSA) has now issued a report outlining the cyber security threats related to mobile broadband 5G network slicing. 

Network slicing allows operators to bring together several network attributes or components, potentially across multiple operators, which support specific applications or services for 5G users.

While efficient for delivering services, 5G network slicing casts a wide threat net that includes potential weak points in policy and standards, the supply chain as well as other issues. "Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper," according to the NSA report. 

Potential threats include denial of service (DoS), man-in-the-middle (MitM) attacks, and configuration attacks, it added.

The NSA, along with the Cybersecurity and Infrastructure Security Agency (CISA), assembled members of the public and private sectors to address 5G slicing security concerns. The 5G cyber security report looks toward how the architecture will play a role in enabling emerging technologies, including autonomous vehicles, and how to secure it. With these additions and changes, however, new security risks and additional attack surfaces must be addressed.

5G Security Risks 

Increased attack surface:   With millions and even billions more connected devices, 5G makes it possible for larger and more dangerous attacks. Current and future vulnerabilities of the existing internet infrastructure are only exacerbated. The risk of more sophisticated botnets, privacy violations, and faster data extraction can escalate with 5G.

More IoT, more problems:   IoT devices are inherently insecure; security is often not built-in by design. Each insecure IoT device on an organization’s networks represents another potential hole that an attacker can expose.

Decreased network visibility:   With 5G, our networks will only expand and become more usable by mobile users and devices. This means much more network traffic to manage. But without a robust wide area network (WAN) security solution like Secure Access Service Edge (SASE) in place, companies may not be able to gain the network traffic visibility required to identify abnormalities or attacks.

Increased supply chain and software vulnerabilities:   Currently and for the foreseeable future, 5G supply chains are limited. Vulnerabilities exist, particularly as devices are rushed to market, increasing the potential for faulty and insecure components. 

Data collection:   This is another major concern for 5G users. Virtually all smartphone applications require users' personal information before or during installation. 

App and software developers rarely mention how and where that data is stored and what it is going to be used for. 5G networks have no physical boundaries and use cloud-based data storage.  Consequently, 5G operators cannot protect or control user data stored in cloud environments. 

As each country has different levels of privacy measures and enforcement, user privacy is seriously challenged if and when the data is stored in the cloud of a different country.  Compared to traditional mobile networks, 5G is also more reliant on software, which elevates the risk of exploitation of the network infrastructure.

NSA:     Trend Micro:        Nokia:      Kaspersky:      ATT:       Dark Reading

You Might Also Read: 

Smartphones Are More Vulnerable Than You Think:

 

« Biden Signs Quantum Cyber Security Act
Multi-Factor Authentication Is No Shortcut To Cyber Resilience »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Forensic Control

Forensic Control

Forensic Control specialise in providing simple & straightforward Cyber Security to organisations, helping them assess, prevent and respond to cyber threats.

Avatu

Avatu

Avatu specialise in providing clients the advice, technology and tools they need to fight cyber and insider threats.

Commissum

Commissum

Commissum specialise in information assurance and security testing services.

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

Avansic

Avansic

Avansic is a leading provider of e-discovery and digital forensics services to attorneys, litigation support teams, and business communities.

GovCERT Austria

GovCERT Austria

GovCERT Austria is the Austrian Government Computer Emergency Response Team. Its constituency consists of Austria's public administration.

Sopher Networks

Sopher Networks

Sopher is a secure communication and collaboration platform for business and personal use.

Mosaic 451

Mosaic 451

Mosaic451 is a bespoke IT managed services provider and consultancy specializing in information security, operations and design.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Scarlett Cybersecurity

Scarlett Cybersecurity

Scarlett Cybersecurity provide cybersecurity services to US private and public organizations with specific emphasis on compliance and cybersecurity incident prevention, detection, and response.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.