5G and IoT: A perfect fit, or not fit for purpose?

Jimmy Jones, security expert at Positive Technologies.
(Image credit: Positive Technologies)

As we look ahead to the New Year, we reflect on what has passed and look forward to the excitement surrounding 5G and its ability to herald a new age of connected devices. Gartner analysts estimate that by the end of 2020 there will be around 20 billion IoT devices, but are we prepared? We move beyond the hype to evaluate whether security concerns will dampen the excitement surrounding a much anticipated advancement in the way we live and work.

On first inspection, 5G appears to have underwhelmed consumers. Early launches have often resulted in unenviable download speeds. This is because any slight improvement can be deemed 5G. More importantly though, operators have been desperate to show progress and claimed ‘5G’ for hybrid networks built on existing 4G networks. This is symptomatic of a broader industry issue in which operators have struggled to cope with the timelines set for existing rollouts. They are still yet to complete 4G’s introduction due to mounting financial and logistical challenges. They have also been severely burdened by indecision resulting from the controversy surrounding the use of Huawei’s equipment. A decision which was delayed until after the UK election, but that now appears to have a green light from UK security chiefs.

At the same time, the public's appetite for IoT has been steadily growing. Nearly a third of U.S. consumers reported purchasing or installing a smart home product in the past year. Home hubs and smart meters in particular have steadily grown in adoption, yet IoT innovation has slowed. This is because of the high power consumption that IoT devices require to run on 4G networks. IoT devices are therefore costly to design because of the larger batteries needed. In addition, 4G creates significant latency, which means that signals take time to move from one place to another. This rules out the operation of mission critical devices, which require faultless connections. 

Endless possibilities for IoT innovation 

All this looks set to change with the introduction of full 5G networks. These will make IoT devices much easier to deploy and manage, prompting a whole host of new use cases including healthcare, mobility, industrial automation and asset tracking. Several key features will make this happen. The first is a huge improvement in message latency, which will support the use of mission critical systems. The second is the inclusion of a new feature called network slicing. This will mean that every device will have its own optimized signalling process and therefore reduce the power burden on receiving devices. In addition, this will support more simultaneous IoT connections at one time.

For consumers, the benefits of full 5G networks are likely to be swift and obvious. The increase in download speeds of up to 100 times will enable IoT devices to have more complicated and visually intuitive interfaces. There will also be distinguishable benefits in the battery life and physical design of connected devices. New chipsets are being manufactured for this purpose. Cat-M1 is currently used in most IoT devices, but it is much less efficient than the new Cat-NB1 which has only recently been rolled out in Europe and the US.  This will accelerate the introduction of kinetic technologies such as driverless cars, smart watches and pacemakers. 

Within the workplace, 5G presents an opportunity for companies to rethink their operational processes. A glimpse of its potential can be seen from home appliance manufacturer Whirlpool’s 5G testing within one of its factories. 5G’s ability to go through walls compared to WiFi has improved environmental controls and process monitoring. The success of this test has led to an extension of 5G’s rollout in a process which is eventually expected to power a move to autonomous forklift vehicles

Security issues threaten to spoil the excitement 

This excitement must be tempered with cautious pragmatism. 5G will, for the short term, be laid on top of the existing LTE network core, which is already prone to vulnerabilities. This means that 100 percent of 5G NSA networks will be vulnerable to DoS, too. In 2018, our researchers found vulnerabilities on 74 percent of the networks they tested. This security concern is magnified by the sheer number of expected devices and the importance of the information they will be carrying using the network. Clearly, if someone hacks a phone they may be able to steal money, causing emotional and financial damage. If, however, they hack a pacemaker or an autonomous vehicle, it will literally be a life or death situation. 

The chances of security breaches are also increasing due to a shift away from Windows-based attacks towards IoT platforms. Our research supports this. In the last year alone, we’ve discovered that the average web application contains 33 vulnerabilities and 67 percent of web applications contain high-risk vulnerabilities. Previous hacks have also shown how destructive the exploitation of these weaknesses can become.

In 2016, the botnet Mirai caused mass disruption of communications in Europe. This included an attack on 900,000 devices at Deutche Telecom, and another on DNS provider Dyn, which cut off access for U.S. and European users to services such as Amazon, GitHub, and PayPal. 

5G’s design is also likely to increase the risks. It is built on HTTP protocols for the first time, which makes it attractive to hackers that are used to exploiting web vulnerabilities. 

Through network slicing, operators can split a single physical network into multiple virtual network slices, so that a particular device can access only certain services with certain parameters at the right time. In theory, every network slice is isolated from the others, so a compromise of an individual slice should not have a domino effect on other slices – or the network as a whole. However, instead of configuring just one network, operators will have to configure a larger number of slices, which will have more complex security implications, and reduce the ability for operators to monitor traffic on the networks. IoT devices act very differently than humans, and due to their huge disparities in use cases, it makes it difficult to assess whether they have been hacked or not. Some remain dormant and transmit very little information, whereas others fire information constantly. 

A shift in mindset will minimize the risks 

The time is now to tackle the risks if we, as a society, are to capitalize on the opportunities that 5G will bring for IoT. Availability, integrity, and confidentiality remain the foremost concerns. And it is not a time to bury our heads in the sand. Yet that appears to be what we are doing. Because new strains of Mirai continue to be discovered such as the IoTroop/Reaper botnet, which struck financial institutions in 2018, and Yowai in early 2019. And companies are paying serious penalties from remaining reactive. 

Four years ago, US university student Noah Clements purchased and subsequently found a vulnerability in his door bell. He quickly raised the issue with the manufacturer and requested to publish his concerns. This then resulted in a legal battle as the manufacturer thought the subsequent negative publicity might topple the company. In fact, many large manufacturers often pay out to hackers for finding vulnerabilities.

These examples show clearly how a new mindset is required. This means shifting from a reactive approach to a preventative approach, one that will pay dividends down the line. We live in a world where cyberattacks are simply par for the course, so their prevention must be prioritized. 

And if this happens, then 5G could indeed be a perfect fit for IoT.

Jimmy Jones

 Jimmy Jones’ experience in telecoms spans over twenty years.  Throughout his career he has strengthen his industry knowledge, working in multiple engineering roles within major operators such as WorldCom (now Verizon), and vendors including Nortel and Genband. Jimmy joined Positive Technologies in 2017 to help telecom clients transform their network, by leveraging his extensive industry experience.