Gartner, the research and advisory company, predicts that $4.2 billion will be invested into a global 5G wireless network infrastructure in 2020—the upgrade to the digital cellular network promises low latency, higher bandwidth, and greater speed.
But, according to Darren Sadana, CEO of Choice IOT, too few businesses are discussing the costs of 5G’s unheralded security holes. “Businesses will need a strategy for overcoming 5G’s inherited security flaws from 4G or face major losses and privacy catastrophes,” Sadana says.
5G is poised to drive IoT, industrial IoT (IIoT), cloud services, network virtualization, and edge computing, which multiplies the endpoint security complications. Although the manufacturing sector cites IIoT security as the top priority, the combination of 5G security vulnerabilities may come back to haunt them.
Pinpointing 5G Security Flaws
According to an Accenture study of more than 2,600 business and technology decision makers across 12 industry sectors in Europe, North America, and Asia-Pacific, 62% fear 5G will make them more vulnerable to cyberattacks. At the root of the problem is the reality that many of the security problems stem from the software-defined, virtualized nature of 5G versus the hardware foundations of earlier LTE mobile communication standards. Its central role in IoT is a strength and a weakness where endpoints are highly localized and beyond the network edge. The 5G network promises of device authentication, device encryption, device ID, and credentialing are positives, but the flip side is that many of those pluses also carry security dangers.
The nature of how signals and data are routed in 5G/IoT networks can lead to mobile network mapping (MNmap), where attackers can create maps of devices connected to a network, identify each device, and link it to a specific person. Other risks include man-in-the-middle (MITM) attacks, which enable attackers to hijack the device information before security is applied.
There are also supply chain security challenges with platform components bought from overseas that harbor inherent security flaws. This can be seen in the backdoor vulnerabilities alleged to be purposely built into mobile carrier networks supplied with equipment from Chinese equipment giant Huawei.
The back doors would allow malicious actors to get target location, eavesdrop on calls, and enable the potential for ransomware injection into a 5G network targeting a mobile carrier. These and other 5G security vulnerabilities were cited in a CISA report focused on 5G risks. Other vulnerabilities include SIM jacking, authenticated key exchange protocols (AKA) and a host of base station backdoor vulnerabilities.
IoT deployments for everything from smart homes, medical devices, and machine-to-machine (M2M) operation to smart cities/power grids and autonomous vehicles are threat targets. They all give attackers multiple ways to manipulate interconnected IoT devices communicating data via 5G networks. DDoS attacks, the ability to take control of video surveillance systems and medical devices, and more are all possible due to this broader attack surface and inherent 5G vulnerabilities.
Plugging 5G Security Holes
The picture doesn’t have to be bleak for businesses and enterprises that want to maximize the benefits of 5G while eliminating its vulnerabilities across sectors such as healthcare. A U.S. Senator recently called on the Federal Communications Commission (FCC) to require wireless carriers rolling out 5G networks to develop cybersecurity standards.
Sadana and other experts make it clear that assessment, discovery, and planning are key. They form the foundation for identifying vulnerabilities during a 5G/IoT platform buildout and for system modifications that encompass IT/OT and wireless connectivity.
Sadana points to the NIST National Cybersecurity Center of Excellence (NCCoE), which is developing a NIST Cybersecurity Practice Guide. This will demonstrate how the components of 5G architectures can be used securely to mitigate risks and meet industry sectors’ compliance requirements across use case scenarios.
“While this goes a long way toward providing a standardized practices road map for companies in creating 5G platforms that are secure, it’s only a start,” says Sadana. “5G is still the Wild West, with things changing every day, so businesses need IoT/IT security expert partners that can help them plan from the ground up.”