Security Risks In 5G Mobile

Uploaded on 2023-01-03 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-5G Networks

5G is a shorthand term that stands for the fifth generation of wireless cellular networks. With 5G networks, billions of devices and the Internet of Things (IoT) are interconnectible, leading to use cases like smart cities, AR/VR on mobile networks, remote medicine and much more. 

The potential applications are widely considered to be almost without limit. However, the massive potential and almost unlimited connectivity bring many challenges, not least are the security capabilities which are a critical element for 5G's success. The baseline is that 5G networks are not secure by design.

Firms setting up private 5G networks must design and install appropriate tools to encrypt sensitive message traffic, block IT attacks against x86-based servers, and protect OT protocols and equipment from tampering. The US National Security Agency (NSA) has now issued a report outlining the cyber security threats related to mobile broadband 5G network slicing. 

Network slicing allows operators to bring together several network attributes or components, potentially across multiple operators, which support specific applications or services for 5G users.

While efficient for delivering services, 5G network slicing casts a wide threat net that includes potential weak points in policy and standards, the supply chain as well as other issues. "Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper," according to the NSA report. 

Potential threats include denial of service (DoS), man-in-the-middle (MitM) attacks, and configuration attacks, it added.

The NSA, along with the Cybersecurity and Infrastructure Security Agency (CISA), assembled members of the public and private sectors to address 5G slicing security concerns. The 5G cyber security report looks toward how the architecture will play a role in enabling emerging technologies, including autonomous vehicles, and how to secure it. With these additions and changes, however, new security risks and additional attack surfaces must be addressed.

5G Security Risks 

Increased attack surface:   With millions and even billions more connected devices, 5G makes it possible for larger and more dangerous attacks. Current and future vulnerabilities of the existing internet infrastructure are only exacerbated. The risk of more sophisticated botnets, privacy violations, and faster data extraction can escalate with 5G.

More IoT, more problems:   IoT devices are inherently insecure; security is often not built-in by design. Each insecure IoT device on an organization’s networks represents another potential hole that an attacker can expose.

Decreased network visibility:   With 5G, our networks will only expand and become more usable by mobile users and devices. This means much more network traffic to manage. But without a robust wide area network (WAN) security solution like Secure Access Service Edge (SASE) in place, companies may not be able to gain the network traffic visibility required to identify abnormalities or attacks.

Increased supply chain and software vulnerabilities:   Currently and for the foreseeable future, 5G supply chains are limited. Vulnerabilities exist, particularly as devices are rushed to market, increasing the potential for faulty and insecure components. 

Data collection:   This is another major concern for 5G users. Virtually all smartphone applications require users' personal information before or during installation. 

App and software developers rarely mention how and where that data is stored and what it is going to be used for. 5G networks have no physical boundaries and use cloud-based data storage.  Consequently, 5G operators cannot protect or control user data stored in cloud environments. 

As each country has different levels of privacy measures and enforcement, user privacy is seriously challenged if and when the data is stored in the cloud of a different country.  Compared to traditional mobile networks, 5G is also more reliant on software, which elevates the risk of exploitation of the network infrastructure.

NSA:     Trend Micro:        Nokia:      Kaspersky:      ATT:       Dark Reading

You Might Also Read: 

Smartphones Are More Vulnerable Than You Think:

 

« Biden Signs Quantum Cyber Security Act
Multi-Factor Authentication Is No Shortcut To Cyber Resilience »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Logpoint

Logpoint

Logpoint is a creator of innovative security platforms to empower security teams in accelerating threat detection, investigation and response with a consolidated tech stack.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

Secret Double Octopus

Secret Double Octopus

Secret Double Octopus offers the world’s only keyless multi-shield authentication technology for users and things.

CERT-PH

CERT-PH

CERT-PH is the National Computer Emergency Response Team and the highest body for cybersecurity related activities in the Philippines.

Delfigo Security

Delfigo Security

Delfigo Security, a pioneer in intelligent authentication, provides a strong, multi-factor authentication solution to prevent identity theft and reduce fraud.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Cybots

Cybots

Cybots is a multinational cyber defence brand founded in Singapore in 2018 to help organizations stay ahead of increasingly sophisticated threats from cyber criminals.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures is an early-stage investment vehicle focused on cybersecurity, data analytics and automation startups.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.