As 5G becomes more ubiquitous across the globe, the security community is given more of a chance to review and understand the potential security concerns associated with implementing the standard. These security concerns fall into two categories: inherited flaws and out-of-specification issues.
Bloomberg reports that it will cost hundreds of billions of dollars to upgrade from 4G/LTE to 5G. This is a massive cost for any company or nation to bear, requiring many companies to slowly phase in the next generation of cellular technology over the next decade. Because these partial 5G networks rely heavily on pre-existing 4G/LTE technology, they will also absorb their vulnerabilities.
Because of how fast technology moves forward, it can be difficult even for tech enthusiasts to keep up to date, let alone non-technical people. To ensure that everyone has sufficient time to upgrade, new standards are typically made to support older ones as well. However, in allowing support for older generations, downgrade attacks can potentially be performed.
Downgrade attacks trick users into leveraging the insecure and out-of-date versions of a protocol. These types of attacks can be found everywhere. Take, for instance, the Transport Layer Security (TLS) protocol that a browser leverages to securely surf the internet: even the latest TLS version, published in 2018, has been found to be vulnerable to downgrade attacks. But there’s an easy fix. A web browser can be configured to limit access to websites that leverage the latest, most secure protocols, disabling anything deemed insecure. With those protocols disabled, if someone attempts a downgrade attack against the browser, it will simply refuse.
Cellular devices don’t have the same flexibility that web browsers do. When a mobile device connects to a cellular network, the user has no control over the process. There’s no setting in an iPhone or a Pixel that can be configured to prevent a phone from connecting to out-of-date and insecure cellular networks (like 2G). The Electronic Frontier Foundation (EFF) is actively lobbying tech giants, namely Apple, Samsung, and Google, to allow users the ability to disable insecure cellular standards within their devices. Until these changes are implemented, adversaries have the potential to sidestep all the security controls implemented by 5G by performing downgrade attacks.
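The difference between the two cases above can be shown with a small model of version negotiation. This is an added example, not code from any TLS stack or cellular baseband; the version lists, the `floor` parameter, and the `tamper` hook are simplified assumptions made for illustration.

```python
"""Simplified model of version negotiation with backward compatibility."""

# Constructed orderings, oldest to newest; not real protocol code points.
TLS = ["TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]
CELLULAR = ["2G", "3G", "4G", "5G"]


class NegotiationRefused(Exception):
    """Raised when no version acceptable to the client remains."""


def negotiate(order, client_supports, server_supports, floor=None, tamper=None):
    """Return the newest version both sides agree on.

    floor:  oldest version the client is configured to accept. Versions
            below it are never offered. None models a device with no such
            setting (the phone case described above).
    tamper: optional callable modelling an on-path party that rewrites
            the client's offer list before the server sees it.
    """
    offers = [v for v in client_supports
              if floor is None or order.index(v) >= order.index(floor)]
    if tamper is not None:
        offers = tamper(offers)
    common = [v for v in order if v in offers and v in server_supports]
    if not common:
        raise NegotiationRefused("no acceptable version in common")
    return common[-1]


def strip_newer_than(order, cap):
    """Build a tamper function that drops every offer newer than `cap`."""
    limit = order.index(cap)
    return lambda offers: [v for v in offers if order.index(v) <= limit]


def outcome(order, floor=None, tamper=None):
    """Negotiate between two fully backward-compatible peers."""
    try:
        return negotiate(order, order, order, floor=floor, tamper=tamper)
    except NegotiationRefused:
        return "refused"


if __name__ == "__main__":
    print(outcome(TLS, tamper=strip_newer_than(TLS, "TLS1.0")))
    print(outcome(TLS, floor="TLS1.2", tamper=strip_newer_than(TLS, "TLS1.0")))
    print(outcome(CELLULAR, tamper=strip_newer_than(CELLULAR, "2G")))
```

With no floor, the tampered negotiation silently lands on the oldest version; with a floor, the same tampering ends in a refused connection rather than a weaker one.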
The current 5G standards define very explicit details, but there are a number of areas of 5G that are deemed out-of-scope. It’s these areas that companies and network operators have to figure out on their own, and therefore where the probability of getting something wrong is highest. This includes security problems with the cloud, web application vulnerabilities, and privacy concerns.
Cloud computing vulnerabilities
To enable the flexibility of virtualization and network slicing, many companies will push their 5G environments into the cloud. Empowering 5G with cloud will result in many benefits. However, these benefits come at a cost. Cloud misconfigurations are frequently cited in the news, such as storage services open for anyone to browse, or management interfaces exposed with default credentials. Telecom companies will need to ensure their cloud environments are completely secure before going live.
Another consideration is attacks from inside the 5G network. Unlike previous generations of cellular standards, 5G will be required to execute potentially untrusted third-party code within its environment. With multi-access edge computing, companies will be able to run applications in edge locations all around the world.
Web application issues
With 4G/LTE, rather than having separate protocols for voice, text messages, and data, all communications are treated as Internet Protocol (IP) packets. On top of IP, custom telecommunications protocols were built. 5G eliminates these custom protocols and instead leverages HTTP for internal network communication.
The adoption of such a well-known standard will enable flexibility in the future for upgrading or changing components. However, it will also lower the bar considerably from a security perspective, allowing adversaries to attack core infrastructure. Web-related vulnerabilities are thoroughly documented by organizations such as OWASP and can allow anyone to understand and attack the next generation of wireless technology.
Complications managing user privacy
In recent years, end-user privacy has become a focus around the world. Researchers are examining the controls within 5G, looking to identify improvements to the standard before the design is finalized. In the whitepaper “5G Privacy Scenarios and Solutions”, researchers identified that one of the main privacy concerns relates to responsibility ambiguity.
And all of this is assuming that a nation state has implemented 5G with industry best practices. To ensure confidentiality and integrity of over-the-air communication, 5G leverages the New Radio Encryption Algorithm (NEA) and New Radio Integrity Algorithm (NIA) respectively. Both algorithms support the highly secure Advanced Encryption Standard (AES).
As 5G becomes ubiquitous, lawmakers around the world will need to devise adequate policies to ensure there are no gaps in protecting end-user data.
The emergence of the fifth generation of cellular technology will revolutionize the world and facilitate unprecedented use of internet-connected devices. As it stands, the security of the protocol rests not only with the researchers developing the standard, but also with the lawmakers developing policies that pertain to 5G. Entities involved in deploying the next generation of cellular technologies need to ensure they are considering security early in the planning stages, that any third-party code running at the network edge is safe and isolated from the rest of the network, and that their overall cloud configurations are secure and adhere to best practices. Because at the end of the day, the security of 5G rests in the hands of the entities implementing it.