Many enterprises and sectors are unaware of the 5G security vulnerabilities that exist today. Choice IoT says it’s critical for businesses to have a plan for discovering and overcoming them at the outset of a 5G/IoT platform rollout to avoid future cybersecurity disasters.
There is a big difference between the promise of 5G low latency, higher bandwidth, and speed for businesses versus the security of 5G. While many are excited about Gartner’s prediction of $4.2 billion being invested in global 5G wireless network infrastructure in 2020, few discuss the business costs of its unheralded security holes.
That’s an ongoing conversation that 5G and IoT solutions experts like Choice IOT’s CEO Darren Sadana are having with enterprises with 5G plans on the drawing board. “Businesses will need a strategy for overcoming 5G’s inherited security flaws from 4G or face major losses and privacy catastrophes.”
5G is poised to drive IoT, industrial IoT (IIoT), cloud services, network virtualization, and edge computing, which multiplies the endpoint security complications. Although the manufacturing sector cites IIoT security as the top priority, the combination of 5G security vulnerabilities may come back to haunt them.
Pinpointing 5G security vulnerabilities
According to an Accenture study of more than 2,600 business and technology decision makers across 12 industry sectors in Europe, North America and Asia-Pacific, 62% fear 5G will make them more vulnerable to cyberattacks. At the root of the problem is the reality that many of the security problems stem from the software-defined, virtualized nature of 5G versus the hardware foundations of earlier LTE mobile communication standards.
It’s central role in IoT is a strength and a weakness where endpoints are highly localized and beyond the network edge. The 5G network promises of device authentication, device encryption, device ID, and credentialing are positives, but the flip side is that many of those pluses also carry security dangers.
The nature of how signals and data are routed in 5G/IoT networks can lead to Mobile Network mapping (MNmap), where attackers can create maps of devices connected to a network, identify each device and link it to a specific person. Then there are Man-in-the-middle (MiTM) attacks that enable attackers to hijack the device information before security is applied.
There are also supply chain security challenges with platform components bought from overseas that harbor inherent security flaws. This can be seen in the backdoor vulnerabilities alleged to be purposely built into mobile carrier networks supplied with equipment from Chinese equipment giant Huawei.
The back doors would allow malicious actors to get target location, eavesdrop on calls, and enable the potential for ransomware injection into a 5G network targeting a mobile carrier.
Other vulnerabilities covered across the wireless and IoT sectors include SIM Jacking, Authenticated Key Exchange protocols (AKA) and a host of base station backdoor vulnerabilities.
IoT for everything from smart homes, medical devices and machine to machine (M2M) operation to smart cities/power grids and autonomous vehicles are threat targets. They all give attackers multiple ways to manipulate interconnected IoT devices communicating data via 5G networks.
DDoS attacks, the ability to take control of video surveillance systems and medical devices, and more are all possible due to this broader attack surface and inherent 5G vulnerabilities.
Plugging the holes
The picture doesn’t have to be a bleak one for businesses and enterprises that want to maximize the benefits of 5G while eliminating its vulnerabilities across sectors like healthcare, utilities, finance, automotive, communication and many others.
A U.S. Senator, recently called on the FCC to require wireless carriers rolling out 5G networks to develop cybersecurity standards. Sadana and other experts make it clear that assessment, discovery, and planning are key. They form the foundation for 5G/IoT platform buildout vulnerability identification and system modifications that encompass IT/OT and wireless connectivity.
Sadana points to the NIST National Cybersecurity Center of Excellence (NCCoE), which is developing a NIST Cybersecurity Practice Guide. This will demonstrate how the components of 5G architectures can be used securely to mitigate risks and meet industry sectors’ compliance requirements across use case scenarios.
“While this goes a long way to providing a standardized practices roadmap for companies in creating 5G platforms that are secure, it’s only a start,” explained Sadana. “5G is still the wild west with things changing every day, so businesses need IoT/IT security expert partners that can help them plan from the ground up.”