Many enterprises and sectors are unaware of the 5G security vulnerabilities that exist today. Wireless and IoT company Choice IoT says it’s critical for businesses to have a plan for discovering and overcoming them at the outset of a 5G/IoT platform rollout to avoid future cybersecurity disasters.
There is a big difference between the promise of 5G low latency, higher bandwidth, and speed for businesses versus the security of 5G. While many are excited about Gartner’s prediction of $4.2 billion being invested in global 5G wireless network infrastructure in 2020, few discuss the business costs of its unheralded security holes.(1) That’s an ongoing conversation that 5G and IoT solutions experts like Choice IoT’s CEO Darren Sadana are having with enterprises with 5G plans on the drawing board. “Businesses will need a strategy for overcoming 5G’s inherited security flaws from 4G or face major losses and privacy catastrophes.”
5G is poised to drive IoT, industrial IoT (IIoT), cloud services, network virtualization, and edge computing, which multiplies the endpoint security complications. Although the manufacturing sector cites IIoT security as the top priority, the combination of 5G security vulnerabilities may come back to haunt them.(2)
Pinpointing 5G Security Flaws
According to an Accenture study of more than 2,600 business and technology decision makers across 12 industry sectors in Europe, North America and Asia-Pacific, 62% fear 5G will make them more vulnerable to cyberattacks.(3) At the root of the problem is the reality that many of the security problems stem from the software-defined, virtualized nature of 5G versus the hardware foundations of earlier LTE mobile communication standards. Its central role in IoT is a strength and a weakness where endpoints are highly localized and beyond the network edge. The 5G network promises of device authentication, device encryption, device ID, and credentialing are positives, but the flip side is that many of those pluses also carry security dangers.
The nature of how signals and data are routed in 5G/IoT networks can lead to Mobile Network mapping (MNmap), where attackers can create maps of devices connected to a network, identify each device and link it to a specific person. Then there are Man-in-the-middle (MiTM) attacks that enable attackers to hijack the device information before security is applied.(4)
There are also supply chain security challenges with platform components bought from overseas that harbor inherent security flaws. This can be seen in the backdoor vulnerabilities alleged to be purposely built into mobile carrier networks supplied with equipment from Chinese equipment giant Huawei.
The back doors would allow malicious actors to get target location, eavesdrop on calls, and enable the potential for ransomware injection into a 5G network targeting a mobile carrier.(5) These and other 5G security vulnerabilities were cited in a CISA report focused on 5G risks.(6)
Other vulnerabilities covered across the wireless and IoT sectors include SIM Jacking, Authenticated Key Exchange protocols (AKA) and a host of base station backdoor vulnerabilities.(7)(8)
IoT deployments for everything from smart homes, medical devices and machine-to-machine (M2M) operation to smart cities/power grids and autonomous vehicles are threat targets. They all give attackers multiple ways to manipulate interconnected IoT devices communicating data via 5G networks. DDoS attacks, the ability to take control of video surveillance systems and medical devices, and more are all possible due to this broader attack surface and inherent 5G vulnerabilities.
Plugging 5G Security Holes
The picture doesn’t have to be a bleak one for businesses and enterprises that want to maximize the benefits of 5G while eliminating its vulnerabilities across sectors like healthcare, utilities, finance, automotive, communication and many others. A U.S. Senator recently called on the FCC to require wireless carriers rolling out 5G networks to develop cybersecurity standards.(9) Sadana and other experts make it clear that assessment, discovery, and planning are key. They form the foundation for 5G/IoT platform buildout vulnerability identification and system modifications that encompass IT/OT and wireless connectivity.
Sadana points to the NIST National Cybersecurity Center of Excellence (NCCoE), which is developing a NIST Cybersecurity Practice Guide. This will demonstrate how the components of 5G architectures can be used securely to mitigate risks and meet industry sectors’ compliance requirements across use case scenarios.(10)
“While this goes a long way to providing a standardized practices roadmap for companies in creating 5G platforms that are secure, it’s only a start,” explained Sadana. “5G is still the wild west with things changing every day, so businesses need IoT/IT security expert partners that can help them plan from the ground up.”
About Choice IoT
Choice IoT Inc. provides a wireless connectivity and management platform for IoT-based solutions providers in the consumer-facing, public, industrial, and infrastructural sectors. They were awarded Top 50 Smartest Companies of 2018 by the Silicon Review and Channel Vision’s Visionary Spotlight Awards for Top Innovation, Service Provider Enablement, and Enterprise Technology in 2019. With a business model based on ease of use and transparency, Choice IoT is dedicated to helping its customers deploy their solutions with maximum control and the lowest possible connectivity cost. For more information, please see www.choiceiot.com.
1. “Gartner Forecasts Worldwide 5G Network Infrastructure Revenue to Reach $4.2 Billion in 2020,” Gartner, August 22, 2019, gartner.com/en/newsroom/press-releases/2019-08-22-gartner-forecasts-worldwide-5g-network-infrastructure
2. Columbus, Louis. “Seven Things You Need To Know About IIoT In Manufacturing.” Forbes, Forbes Magazine, 3 June 2019, forbes.com/sites/louiscolumbus/2019/06/02/seven-things-you-need-to-know-about-iiot-in-manufacturing_updated/#d0dbb6c5f561.
3. “Accelerating the 5G future of business,” Accenture, February 25, 2020, accenture.com/us-en/insights/communications-media/accelerating-5g-future-business
4. Karen Epper Hoffman. “5G Inherits Some 4G Vulnerabilities.” Security Today, securitytoday.com/articles/2019/12/09/5g-inherits-some-4g-vulnerabilities.aspx.
5. Seals, Tara. “Huawei Controversy Highlights 5G Security Implications.” Threatpost, February 4, 2020, threatpost.com/huawei-5g-security-implications/152926/.
6. “Overview of Risks Introduced by 5G Adoption in the United States,” Cybersecurity and Infrastructure Security Agency (CISA), July 31, 2019, cisa.gov/sites/default/files/publications/19_0731_cisa_5th-generation-mobile-networks-overview_0.pdf
7. “From SIMjacking to Bad Decisions: 5G Security Threats to Non-Public Networks,” TrendMicro, November 15, 2019, trendmicro.com/vinfo/us/security/news/internet-of-things/from-esim-jacking-to-fake-news-threats-to-5g-and-security-recommendations
8. Cynthia Brumfield. “5G Security is a Mess. Could Digital Certificates Help?” February 2020
9. Alfred Ng. “5G brings up questions of cybersecurity vulnerabilities,” CNET, November 6, 2019
10. Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya. “5G Cybersecurity: Preparing a Secure Evolution to 5G,” NIST NCCoE, February 2020, nccoe.nist.gov/sites/default/files/library/project-descriptions/5G-pse-project-description-draft.pdf