Critical Security Challenges and Threats Facing 5G Networks – New and Improved Cyberattacks
A breakdown of some of the most prominent security concerns facing consumers and enterprises on 5G networks
The fifth generation of wireless networks has arrived. Big tech companies like Samsung, Huawei, and LG are rolling out 5G-capable phones this year and there will be more to join. AT&T deployed 5G networks in select cities in December of last year, and a slew of 5G tech was shown off at CES2019, like Intel’s 5G-focused Project Athena and AT&T’s 5G network for hospitals and stadiums.
Change is coming fast for consumers and companies as 5G promises to widen the landscape of wireless devices with new gadgets like self-driving cars and more immersive virtual reality. Even critical infrastructure will come to depend on 5G. Inevitably, these changes come with new security challenges for networks and a heightened need for securing IoT devices.
5G: A Double-Edged Sword
Compared to 3G and 4G networks, 5G will offer much faster data transfer speeds, lower latency, and more reliable connections. All of this means enhanced user experience for mobile device consumers; and for enterprises, increased productivity and faster service delivery. Notably, 5G’s access to higher bandwidths will connect considerably more users and devices than its predecessors.
This all seems like good news, but 5G comes with boons for not only enterprises but also cyber-criminals. Here’s a breakdown of some of the most prominent security concerns facing consumers and enterprises on 5G networks:
1. Substantially larger attack surface. Because 5G networks will connect more IoT devices, there will be far more entry points for targeted attacks than ever. Smart devices will proliferate, and each one can potentially become a target or weapon for hackers.
2. Bigger impacts from cyberattacks. Enterprises and infrastructures will come to depend on 5G significantly more than its predecessors. Air traffic, smart cars, hospitals, and more will rely on 5G. With so many interconnected IoT devices and infrastructures, a security breach in one area can have cascading effects on network-connected devices. The fallout from cyberattacks on unsecured devices can be more catastrophic than ever before, even affecting general public safety.
3. The potential for more invasive spying. USA Today warned that manufacturers, too, can use the enhanced connectivity of their 5G devices to spy on consumers. Any smart device with camera and audio capabilities could be abused by cyber criminals or manufacturers to watch and listen to unaware users.
The splashiest recent example of this sort of risk came from government responses to Chinese telecom company Huawei and their 5G-capable phone, the Mate X. Some world governments have been cautious with allowing Huawei on their networks, fearing state-sponsored espionage. In particular, the U.S. has banned Huawei’s equipment from their 5G networks out of fear the manufacturer might collect intel on behalf of the Chinese government, although the validity of their restrictive measures has been contested by Huawei and some IT experts.
Whether Huawei represents a special threat to cybersecurity is up for debate, but the possibility does exist that manufacturers could invade users’ privacy and quietly gather information from unaware users through backdoors. Who could be compromised? Not only individual users but also enterprises, particularly those with employees accessing work-related data on inadequately protected mobile devices.
4. Missing security goals. A study published by Cornell University last year indicated that the 5G AKE protocol failed “to meet several security goals” required by the 3GPP, the organization responsible for developing mobile protocols and “other critical security properties.” AKE (Authenticated Key Exchange) is a standardized security protocol for mobile subscriber authentication.
5. Subscriber activity monitoring attacks. An analysis conducted by an international team of researchers found that a new sort of security threat can exploit vulnerabilities in all AKE protocols, including those of 5G, and invade the privacy of mobile users more severely than pre-existing threats.
These “subscriber activity monitoring” attacks utilize fake base station attacks, which attackers have used to target vulnerable AKE protocols and security leaks in 3G and 4G networks, and a vulnerability in the encryption for SQNs (sequence numbers). Although 5G AKE protocols have improved security against fake base station attacks, the researchers demonstrated that relay attacks can breach 5G’s SQN protection, rendering it useless. These are worse than previous attacks because, unlike before, when a user could escape the invasion by leaving the attack area, hackers can continue monitoring user activity even if they have left the range of the fake base station using this new attack.
6. More sinister DDoS attacks. According to Inverse, Stuart Madnick, a professor of IT at the Massachusetts Institute of Technology, theorized that cyber attackers could use 5G’s lower latency to decrease the number of devices needed to overwhelm enterprises in DDoS attacks, saying, “The worst is yet to come.”
5G’s considerable speed boost will make these attacks more efficient and harder to handle. DDoS attackers will be able to strike faster — in seconds, not minutes — and so responses to counter these attacks will also need to be faster. Furthermore, there will be more IoT devices available for hackers to gather and harness for DDoS attacks so it’s quite possible these attacks will increase in frequency.
Despite the vast number of tech products and advancements we can expect to see rise from increasing 5G network usage, 5G security needs to be approached cautiously, vigilantly, and with an understanding of the potential 5G opens for cyber breaches and privacy invasions. Hopefully, these security vulnerabilities will be addressed with the next phase of 5G, which the 3GPP has planned to roll out at the end of 2019. In the meantime, consumers and businesses will have to take what measures they can to protect their data and privacy.
To learn how to increase your company’s cybersecurity and data protection, contact the experts at CyberReef Solutions today.