5G security is going to become increasingly important, with 5G services set to cover most of the UK and US over the next few years.
As major network operators launch new services around the world, much of the debate surrounding the network has been around the 5G security risks it represents.
The security of telecom networks is at the top of the agenda for both the UK and US governments.
And as 5G opens up more opportunities in areas such as healthcare, manufacturing and transport, the reality is that it is becoming an increasingly attractive target for cyber criminals, as it increases the available threat surface along with the consequences of any damage inflicted.
Let's first examine the burning 5G security issue of the moment - Huawei.
Is Huawei a 5G security threat?
Back in June 2019, The Science and Technology Committee asked suppliers, network operators and academics - including the Global Cyber Security and Privacy Officer of Huawei - about the possible security risks involved with 5G communications networks and to what extent those risks could be managed.
Shortly after this, the Department for Digital, Culture, Media and Sport published its Telecoms Supply Chain Review, which provided a comprehensive assessment of the supply arrangements for the UK’s telecom networks.
The findings of the review set out concerns about the security and resilience of the UK’s telecom networks. It shone a spotlight on how much work remains to be done in areas such as strengthening policy and regulation to better ensure telecoms cybersecurity, as well as diversifying the supply chain.
As 2019 progressed, it was clear the UK was coming under increased pressure from the US to ban Huawei from its 5G networks.
In early January 2020, the US presented the UK Government with a dossier that it said showed up new security risks. But the UK has so far chosen not to swallow the US Huawei trade ban wholesale and, as the Wall Street Journal notes, the UK pushed back against the ban.
The problem there is that three of the UK networks are using at least some Huawei equipment to roll out 5G already, while the fourth - O2 - shares some gear with one of the others, Vodafone.
Part of the issue is that Huawei equipment is cheaper than alternatives from Samsung, Nokia and Ericsson. That's largely because of Huawei's huge research and development budgets for 5G technologies - it has said for a long time that its ambition was to lead the sector.
Under pressure, the UK Government has decided to allow Huawei to be keep being involved with the UK 5G rollout, with some restrictions. There were some last-minute interjections from some including US secretary of State Mike Pompeo, piling on the pressure and suggesting that "the UK has a momentous decision ahead on 5G."
It was announced that: “New restrictions [will] be placed on the use of high-risk vendors in the UK’s 5G and gigabit-capable networks.” Huawei was not named specifically, but the restrictions mean UK networks can't use tech from "high-risk vendors" in the core of their networks at all (they are already pulling this out, anyway).
But they can use Huawei gear in up to 35 percent of the access network (masts and base stations). In other words, networks will have to mix up their gear.
"High-risk vendors" are also excluded from "sensitive geographic locations, such as nuclear sites and military bases".
UK telcos are understandably not keen on using alternatives because of the cost and hassle to replace equipment they already have.
The latest development is sure to have an affect on US-UK relations, which are at a critical point ahead of the need to negotiate a post-Brexit trade deal.
Since the UK Government announcement in January, the Trump administration has moved to criticise the UK as part of its ongoing agenda against Huawei.
According to the FT, a senior Trump official said the announcement was “disappointing...there is no safe option for untrusted vendors to control any part of the 5G network.”
The language has continued in the same vein since the announcement, with the top cyber security official saying that the move threatens UK-US intelligence sharing.
"If countries adopt untrustworthy vendors in 5G technology, it will jeopardise our ability to share information at the highest levels," said Robert Strayer, US deputy assistant secretary for cyber and communications.
Part of the problem appears to be that the US doesn't have a key supplier of 5G equipment itself despite its strong opposition to using Huawei equipment. 66 percent of the global market for telco equipment is taken up by Sweden’s Ericsson, Finland’s Nokia and Huawei and ZTE from China.
It looks like this one will run and run.
Is there a concern about 5G security?
Clearly governments are concerned about the security of 5G and the impact on data sharing down the line, dictated by the choices they're making now.
In October 2019, the AT&T Cybersecurity Insights Report in the US suggested that businesses aren’t yet ready for 5G. While nearly all of the 704 respondents expected to make 5G-related security changes within the next five years, only 16 percent had started preparing.
Participants were also concerned about the greater potential for attacks as well as the increased number of devices accessing the network.
These reports highlight why it is important to not be under the illusion that, although operators have begun going live with the next-generation network, we are not achieving the full breadth of what 5G has to offer. We still have a long way to go. Achieving its full potential is not a simple case of out with the old and in with the new.
A need to work backwards
The reality is that many 5G networks contain security flaws from day one, due to their reliance on the existing 4G network core.
According to 3GPP Release 15 for 5G, published in summer 2018, the first wave of 5G networks and devices is classified as Non-Standalone (NSA). This means that devices will connect to 5G frequencies for data transmission in cases where greater bandwidth and lower latency are required, such as for communication between smart cars, or to reduce power draw on IoT-enabled devices. For voice calls and SMS messaging, however, they will still rely on 4G and, in some cases, even 2G/3G networks.
However, a recent security audit found that every 4G network contains vulnerabilities which hackers could exploit to perform a range of illegal actions, such as locating users, intercepting SMS messages, and instigating denial of service (DoS) attacks. Bearing this in mind, security threats associated with 3G and 4G will continue to remain long after 5G reaches the public and will heavily influence deployments for at least the next three to five years.
The majority of operators have gone down the road of creating a 5G network based on an existing LTE network core. But using LTE networks as the building blocks for the creation of 5G networks will mean they will not be immune from the same vulnerabilities. Indeed, it means that 100 percent of 5G NSA networks will be vulnerable to DoS, too. In 2018, our researchers found vulnerabilities on 74 percent of the networks they tested. Not only this, every tested 4G network was seen to allow third parties to obtain data about the operator's network configuration.
In order to provide adequate protection for the 5G networks of the future, operators need to work backwards and secure previous-generation networks. Unfortunately, however, security measures can often take a backseat in the quest to deploy 5G.
Security as an afterthought
Every operator is competing to be innovative and to upgrade their networks as quickly as possible - but can be far from adequately ensuring the security of those networks. Often during testing and even during implementation stages, operators are building their networks with little or no thought to generation interworking security.
Security policies are typically an afterthought, which are applied once the network goes live to end-users. While this might be helpful in expediting the deployment of these networks and saving some money, it is a very short-sighted approach. Further down the line, issues will inevitably arise, and operators will be forced to retrofit security that will put a strain on their original budget.
Trying to fix mistakes quickly often results in new solutions being poorly integrated to existing network architecture. Indeed, our experts found that one out of every three successful attacks on 4G networks was related to the incorrect configuration of equipment. This makes it somewhat impossible for the network to tick all the boxes on security requirements.
A complex and different threat landscape
Security challenges can also stem from the need for 5G networks to support a massive number of connected devices. Gartner predicts a huge growth in adoption of the Internet of Things (IoT). With 25 billion IoT devices expected to be connected by 2021, its implementation is set to unleash a highly complex threat landscape, significantly different from previous networks.
As it becomes more widespread, the IoT phenomenon continues to expose more vulnerabilities and security challenges. Device protection is poor - many manufacturers build in only the most basic security provisions from the outset - and malware distribution is easily scalable. Our researchers found that the number of malware campaigns targeting IoT devices grew by an incredible 50 per cent over the last year, during which time we identified more than 1,100,000 vulnerable devices.
The massive DDoS attack carried out by the Mirai botnet which, in 2016, left much of the internet inaccessible on the US east coast, serves as an example of the large-scale damage that can result from exploiting such devices. To avoid a repeat of such an attack, in which regular users can be left without communication, 5G network operators will have to develop new threat mitigation models more attuned to diverse types of devices.
Every 5G network is at risk of DoS attacks due to Diameter protocol vulnerability
Security threats are a real concern for telecoms operators, of 2G, 3G, 4G and 5G networks. Among these, the Diameter Signalling protocol, which is used to authenticate and authorise messages and information distribution in 4G networks, is vulnerable in a number of ways which operators must understand, in order to protect themselves effectively from attack. These legacy vulnerabilities in the protocol means 5G networks built using previous generation networks inherit the same threats - such as tracking user location, obtaining sensitive information and in some cases downgrading users to insecure 3G networks.
Positive Technologies was able to replicate the actions of hackers, we were able to infiltrate 100% of mobile networks. Denial of Service (DoS) attacks, in particular, could be conducted on all mobile networks through Diameter. This affects both 4G and 5G users, because the first generation of 5G networks (5G Non-Standalone) is based on the LTE network core, which means that 5G is susceptible to the same flaws. (Read more here.)
5G networks need comprehensive security
Monique Becenti, channel and product specialist at cybersecurity provider SiteLock says that businesses need to have 5G security "on their radar right now.
"If you're using a mobile device for banking transactions, you're leaving that susceptible to an attacker intercepting that data,'' said Becenti. "With 5G, our main concern is with IoT innovations."
5G is potentially so susceptible for cyberattacks because of its possibilities and flexibility. Everything is managed by software and so that in itself has a security risk. Even core networks are virtualised in software. The sheer number of devices is another factor - billions of devices will be connected to 5G networks.
Finally, 5G networks are no longer centralised so the same checks can't be carried out as with earlier generation networks.
Huawei boss says we need more transparency
Huawei is at the heart of many 5G security concerns, but when chief security officer Andy Purdy recently sat down with the Information Security Media Group to discuss the issues surrounding 5G, he called for more transparency.
Purdy, previously worked for the U.S. Department of Homeland Security, and helped launch the National Cyber Security Division and the U.S. Computer Emergency Readiness Team so is perfectly placed to try and enhance Huawei's reputation in the US.
Purdy says it’s important to make sure that companies “tell the truth about what 5G is, and what 5G isn’t” in the light of some US networks bending the truth about the definition of what constitutes 5G.
On Huawei's current predicament with the US, Purdy says that Huawei “can no longer talk the talk of cybersecurity, we have to walk the walk”.
“It shouldn’t be about us having a transparency initiative,” he further explained. “It should be about the US telecoms, the US government and the major stakeholders calling on Huawei, Nokia and Ericsson, telling us to come forward and say what we are doing, and what we are trying to do.”
Could old vulnerabilities cause security issues for 5G?
One of the main concerns amongst security experts is that new 5G networks are still at risk from older security issues. That's according to telco security firm Positive Technologies, which has released a report on the topic. The findings - contained within a document titled '5G signalling networks: blast from the past' - suggest that vulnerabilities in oft-used telecom protocols will be around for a while yet.
The issue isn't necessarily to do with 5G networks per se, but the fact that newer networks will work alongside legacy infrastructure. And, yes, that means security risks.
”Because of this reliance on legacy infrastructure, hackers can perform cross-protocol attacks by exploiting vulnerabilities in multiple protocols as part of a single attack," says Positive Technologies CEO Dimitry Kurbatov.
"For example, an attack on a 5G network can begin with exploitation of vulnerabilities in 3G to obtain subscriber identifiers. That is why protecting previous generations of networks is essential for 5G security.”
Kurbatov goes on to mention how the biggest threat to the IoT (Internet of Things) is denial of service attacks. While the main issues for IoT equipment are currently in the smart home, this will move further into industry and businesses as the uses of IoT devices evolve alongside 5G.
Security of 5G questioned after researchers reveal 11 vulnerabilities
As if concerns about the use of Huawei technology weren't enough, more security issues for 5G networks have been uncovered after researchers at Purdue University and the University of Iowa found 11 vulnerabilities in 5G networks. The “hackable” areas of the networks uncovered by the research were seen as incredibly easy to exploit, requiring only a working knowledge of 4G and 5G networks.
The vulnerable areas enable an attacker to monitor a user’s uplink and downlink data transmissions, track location, disconnect a user from the network altogether and run down a user’s device battery.
It's concerning as 5G networks are being rolled out without these security concerns being rectified. Managing director at Bulletproof, Oliver Pinson-Roxburgh, described these vulnerabilities as a “scary threat” that cannot be ignored.
EU risk assessment report for 5G
On October 9th 2019 the European Agency for Cybersecurity published a report on the EU coordinated risk assessment on cybersecurity in 5G networks. And it is the first major step in the path towards the implementation of the European Commission Recommendation, adopted in March 2019 to ensure a high level of cybersecurity of 5G networks across the EU. The report outlines the following security issues inherent in the rollout of 5G:
- An increased exposure to attacks and more potential entry points for attackers. With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development processes within suppliers are gaining in importance. They could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect.
- Due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.
- An increased exposure to risks related to the reliance of mobile network operators on suppliers. This will also lead to a higher number of attacks paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks. Among the various potential actors, non-EU States or State-backed are considered as the most serious ones and the most likely to target 5G networks.
- In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country.
- Increased risks from major dependencies on suppliers: a major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences. It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk.
- Threats to availability and integrity of networks will become major security concerns: in addition to confidentiality and privacy threats, with 5G networks expected to become the backbone of many critical IT applications, the integrity and availability of those networks will become major national security concerns and a major security challenge from an EU perspective.
Could SS7 be the Achilles' heel for 5G security?
An area of growing concern for 5G security is SS7. And Dmitry Kurbatov, CTO of Positive Technologies, examined the risk of using previous generation networks infrastructure for 5G in an exclusive piece for 5Gradar.
The SS7 (Signaling System No. 7) protocols governing the exchange of signalling messages. Although it is decades old, it is still actively used in 2G and 3G networks today. The flaws within the protocol are nothing new but the problems have continued to fester and get worse in recent years. Not only this, but even LTE-only networks using the Diameter protocol instead of SS7 interconnect with previous-generation networks. This means that even 4G networks which use diameter are vulnerable to some attacks via SS7 networks.
Operators have become so focused by 5G, Kurbatov says, that they are taking less action on the 2G & 3G network - a blindspot they cannot afford to have, given the potential threats it presents to both the network & its subscribers. The gaps in the network mean hackers can track a customer's every move, listen in on calls and even strip them of service.
Key takeaways for businesses and IT pros
Didier Wylomanski is Business Development Director for EMEA, and 5G expert at Thales, and he believes that there are inherent opportunities and risks within the adoption of 5G, and that the companies that benefit most will be those that consider every layer of 5G services.
"The most important thing for businesses and IT professionals to know is that parts of our current understanding of data security needs to adapt to meet the demands of 5G technology," Wylomanski told 5Gradar. "5G will expand the attack surface area, with data being located anywhere between a few metres from its origin, or miles away in the cloud."
According to Wylomanski, advanced security controls, such as encryption applied to data at rest or in transit, will also need to be applied to the 5G selected service deployment, at every point in the network.
"Encrypting data is an important first step, but not the only one. It is the equivalent of locking the front door and putting the keys under the mat," said Wylomanski. "Businesses must ensure they keep control and fully secure the entire life cycle of their encryption keys, establishing a truly mastered security strategy over their 5G services.
"Companies must not forget to act on the protection at their application layer in the case of IoT services, implementing end-to-end protection from the device to the application," Wylomanski concluded.