2020 has been a pivotal year for 5G. In a world where almost all work is done remotely, we have never been hungrier for the low latency and higher speeds the technology promises. Today, 5G is trickling into almost every organization on the planet — but when that stream widens into a raging river, will you be prepared? What are the security implications of 5G on your organization? The 5G Security Zodiac attempts to lay out the risks we should consider as we enter a new era of unprecedented speed and connectivity.
1. The Legacy
While it’s true that 5G is the most secure cellular protocol developed to date, we are still years away from “standalone” or pure 5G New Radio (NR) networks. Today, 5G is almost always accompanied by nearby 4G and even 3G networks, and the non-standalone version of 5G allows devices to fall back to the older protocols. These older protocols aren’t as secure as 5G, and there are kits available that allow dabblers to build IMSI-catchers, which can do things like determine the location of a caller, see who they are calling, and when...or worse.
2. The 5G Core Network
When it isn’t our own infrastructure, we don’t often think about the bits and bytes as they move around the core of a network, but we should. The 5G Core is packetized, virtualized, and can run across public and private cloud networks. Your data will transit 5G virtualized networks in the Core, and you may not know what equipment your data is transiting, or who is running it. Of course encryption of data-in-transit is always a best practice, but these days, it’s mandatory.
3.The Towers
In the 5G world, towers aren’t always towers — sometimes they are small cells. The fastest 5G signals are Millimeter Wave (mmWave) or Ultra Reliable Low Latency Communications (URLLC). These signals don’t travel far and they need high density deployments. They also don’t travel well through concrete, human bodies, rain, or anything else. There will be an order of magnitude for more 5G transmission systems than we saw in 4G, and presumably, there will be some rogue cell phone towers and small cells too, hiding in plain sight in a sea of 5G infrastructure.
4. Private 5G
Your company may have warehouses, distribution centers, or assembly lines that choose to deploy private 5G networks. Those devices may benefit from URLLC’s low latency and high speeds, and very often you will be purchasing private 5G networks from a carrier. Providers can carve up dedicated 5G slices with different characteristics — for instance, you might need a network with 20 milliseconds delay and 2 Gbps download speeds. Ask your provider about the underlying equipment running your private 5G network. Do they have a good track record when it comes to security? How often is the software and underlying OS updated? Making sure the private network is secure will likely be a shared responsibility.
5. The Protocol
"In 2019, students from the University of Iowa and Purdue developed a tool called 5G Reasoner that found 11 vulnerabilities in the 5G protocol."
Russ Mohr, MobileIron.
When 5G is running in its purest state and hasn’t fallen back to protocols with known vulnerabilities like 3G and 4G, there can still be risk. In 2019, students from the University of Iowa and Purdue developed a tool called 5G Reasoner that found 11 vulnerabilities in the 5G protocol. While some attacks can knock a device off the 5G network to one using older protocols like 4G that may have more vulnerabilities to exploit, others allowed attackers to determine location, launch MiTM attacks, and hijack paging channels. Of course, the 3GPP governing body can address 5G vulnerabilities, but leading vendors like Nokia, Ericsson, and Huawei must adapt the new specifications and release new software updates. Even after new code is available, the carriers that own the equipment must complete testing and roll out the software to their towers and small cells — which can take anywhere from months to years.
6. The 5G Edge
One of the touted aspects of 5G is Multi-Access Edge Computing, or MEC. With MEC, we move compute power closer to the edge so that we can capitalize on what low latency 5G technologies — like mmWave — bring to the table. For instance, with Vehicle to Everything (V2X), you may wish to control a self-driving car that needs to respond to a developing situation to avoid an accident in 10 milliseconds. If the application and the compute are closer to the endpoint on the 5G network, we can increase our response time. Amazon, for instance, is migrating Elastic Computing (EC2) to the edge with their AWS Wavelength product, which co-locates a data center in a Verizon facility. But, we should be asking ourselves — do we need to go to extraordinary means to protect the data and applications that live there?
7. The Endpoint
It’s certain that we will see 5G grow, especially as we reach economies of scale with 5G chipsets and we open up low to medium end phones to 5G experiences. Consumers will have 5G devices, and they will be handling company data on them, which is a given with every worker now working from home. Presumably we should do something to protect this data transiting unknown 5G and WiFi networks.
We’ll also see 5G chipsets in laptops, which might even lead to faster speeds than your home WiFi. Carriers that have made a significant investment in spectrum, 5G base stations, fiber, and everything else that connects them, will monetize this work and expand their reach into the desktop world. We should imagine a world where the challenge of finding good Wi-Fi for a laptop no longer exists.
"Whether it be a “smart” thermostat with a password of “Password123” or a smart sensor in a corn field, many of these devices will ride the 5G network."
Russ Mohr, MobileIron.
And, of course, IoT devices. Whether it be a “smart” thermostat with a password of “Password123” or a smart sensor in a corn field, many of these devices will ride the 5G network — and they won’t be secure. Many purpose-built IoT devices will reach EOL on updates (sorry, no upgrade is currently available for your toaster) yet they will continue to run long after we’ve forgotten about the companies that built them. They may be running long-neglected and susceptible legacy protocols, or running Linux variants, which will be very useful landing points to launch attacks from — and not just to burn the toast.
8. The Trusted Carrier
Not all carriers are equal — at least according to the US Department of State. The US has handpicked some carriers that use equipment from trusted supply chains. Does your company have an acceptable use policy when it comes to mobile networks or roaming? Will your company treat all 5G carriers as trustworthy? Will you implement policies designed to protect employees and their data when they join untrusted networks?
9. The Supply Chain
The news has prominently featured the supply chain. In the UK, Huawei has been banned from 5G networks by the Department of Digital, Culture, Media and Sport (DCMS) and their equipment must be removed from production networks by 2027. Huawei in particular has been accused of implementing back doors to intercept data in telecom networks. Does your company have a policy about trusted vendors?
10. The Backhaul
All this high speed wireless bandwidth is going to need to be funneled back to edge and core networks from an immensity of base stations and small cells. They will need new fibre, and in some cases, wireless backhaul. How are these assets protected by the 5G provider? Can they be a launching point for the ultimate Man-in-the-Middle attack (MiTM)?
11. The Workforce Diaspora
Homebound employees are going to see greater choice when it comes to broadband connections. In some cases, 5G will become the primary pipe to the home. How will your company secure employee networks? There are many vendors building 5G routers that can be deployed to residences. Will those vendors run a current version of the 5G protocol that addresses vulnerabilities as they arise? What other vulnerabilities might be present in those routers? And, will your company consider using 5G backhaul for branch offices or in your headquarters? Will you or the 5G provider own and maintain this equipment?
12. A Sea Change in User behavior
"Connecting to an enterprise network via a WAN or corporate WiFi network is going to become an unnatural act."
Russ Mohr, MobileIron.
As 5G becomes more ubiquitous and end-users shift to remote work and cloud services, connecting to an enterprise network via a WAN or corporate WiFi network is going to become an unnatural act. The 5G connections are faster, and the services we are using don’t live behind the company firewall. Traditional approaches to protect data behind a firewall will no longer be effective.
According to a Booz Allen report, we may also see more people using 5G hotspots as their primary connection to the internet. 5G hotspots will expose new risks, beginning with poor password management, but also caused by overdependence on ubiquitous chipsets like Qualcomm. For example, in 2018 Meltdown and Spectre allowed for exploits on many common Intel chipsets, and more recently Apple had a similar issue with T2 security chips commonly found on Macs.
We Need a Better Mousetrap
As you can see, there are a lot of risks, including many that aren’t touched upon in the 5G security zodiac. However, you shouldn’t panic. With every advancement comes with a host of security risks, but there are approaches we can take to secure our organizations.
By far the best strategy for mitigating risk is Zero Trust — an approach to 5G security in which you must never trust and always verify. Most of the components described in this article fall outside of any company's domain, but by taking a comprehensive Zero Trust approach on what we can control — the endpoints, the applications, the edge networks we own, and encrypted transport — we can begin to ensure the sanctity of our data as we navigate the 5G security zodiac.
