Security Risks In 5G Mobile

Uploaded on 2023-01-03 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

5G is a shorthand term that stands for the fifth generation of wireless cellular networks. With 5G networks, billions of devices and the Internet of Things (IoT) are interconnectible, leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. 

The potential applications are widely considered to be almost without limit. However, the massive potential and almost unlimited connectivity bring many challenges, not least are the security capabilities which are a critical element for 5G's success. The baseline is that 5G networks are not secure by design.

Firms setting up private 5G networks must design and install appropriate tools to encrypt sensitive message traffic, block IT attacks against x86-based servers, and protect OT protocols and equipment from tampering. The US National Security Agency (NSA) has now issued a report outlining the cyber security threats related to mobile broadband 5G network slicing. 

Network slicing allows operators to bring together several network attributes or components, potentially across multiple operators, which support specific applications or services for 5G users.

While efficient for delivering services, 5G network slicing casts a wide threat net that includes potential weak points in policy and standards, the supply chain as well as other issues. "Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper," according to the NSA report. 

Potential threats include denial of service (DoS), man-in-the-middle (MitM) attacks, and configuration attacks, it added.

The NSA, along with the Cybersecurity and Infrastructure Security Agency (CISA), assembled members of the public and private sectors to address 5G slicing security concerns. The 5G cyber security report looks toward how the architecture will play a role in enabling emerging technologies, including autonomous vehicles, and how to secure it. With these additions and changes, however, new security risks and additional attack surfaces must be addressed.

5G Security Risks 

Increased attack surface:   With millions and even billions more connected devices, 5G makes it possible for larger and more dangerous attacks. Current and future vulnerabilities of the existing internet infrastructure are only exacerbated. The risk of more sophisticated botnets, privacy violations, and faster data extraction can escalate with 5G.

More IoT, more problems:   IoT devices are inherently insecure; security is often not built-in by design. Each insecure IoT device on an organization’s networks represents another potential hole that an attacker can expose.

Decreased network visibility:   With 5G, our networks will only expand and become more usable by mobile users and devices. This means much more network traffic to manage. But without a robust wide area network (WAN) security solution like Secure Access Service Edge (SASE) in place, companies may not be able to gain the network traffic visibility required to identify abnormalities or attacks.

Increased supply chain and software vulnerabilities:   Currently and for the foreseeable future, 5G supply chains are limited. Vulnerabilities exist, particularly as devices are rushed to market, increasing the potential for faulty and insecure components. 

Data collection:   This is another major concern for 5G users. Virtually all smartphone applications require users' personal information before or during installation. 

App and software developers rarely mention how and where that data is stored and what it is going to be used for. 5G networks have no physical boundaries and use cloud-based data storage.  Consequently, 5G operators cannot protect or control user data stored in cloud environments. 

As each country has different levels of privacy measures and enforcement, user privacy is seriously challenged if and when the data is stored in the cloud of a different country.  Compared to traditional mobile networks, 5G is also more reliant on software, which elevates the risk of exploitation of the network infrastructure.

NSA:     Trend Micro:        Nokia:      Kaspersky:      ATT:       Dark Reading

You Might Also Read: 

Smartphones Are More Vulnerable Than You Think:

 

« Biden Signs Quantum Cyber Security Act
Multi-Factor Authentication Is No Shortcut To Cyber Resilience »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

IS Decisions

IS Decisions

IS Decisions provide solutions to secure, control & audit user access to Microsoft Windows Server-based networks.

CERT Bulgaria (CERT.BG)

CERT Bulgaria (CERT.BG)

CERT Bulfaria is the National Computer Security Incidents Response Team for Bulgaria.

UZCERT

UZCERT

UZCERT is the national Computer Emergency Response Team for Uzbekistan.

Santa Monica Networks (SMN)

Santa Monica Networks (SMN)

Santa Monica Networks specializes in providing secure solutions for data networks and data centers.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

Sequitur Labs

Sequitur Labs

Sequitur Labs is developing seminal technologies and solutions to secure and manage connected devices of today and in the future.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

Sylint

Sylint

Sylint is an internationally recognized cyber security and digital data forensics firm with extensive experience discretely addressing some of today’s biggest cyber breaches.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.