RF & Microwave

Does 5G create new cybersecurity risks?

17 March 2021
Source: Adobe/Jaiz Anuar

5G, or the "fifth generation" of technology standards for mobile networks, is the newest version of all mobile technologies. In 2021, its global proliferation is accelerating.

5G will also be able to accept millions of devices per square kilometer on its network, which will allow it to adapt to ever-increasing nomadic uses, such as the autonomous car generalization or remote surgical operations via robots located on the other side of the planet. The real promise of 5G will come in September 2021, with the third phase of 5G specifications. These are the data centers located a few kilometers from each branch, which will allow operators to process massive amounts of data and set up new applications for businesses.

However, increasing the number of connected devices means that this technology will become a major security issue for governments, people and businesses around the world. Indeed, it also multiplies the entry points of attack for cyber criminals.

Cybersecurity landscape in 5G

The use of 5G will bring new security challenges, some of which are due to the network itself, while others are related to the devices connected to 5G. However, both of these security aspects put consumers, governments and businesses at risk.

Network virtualization

In a 5G world, the network infrastructure will shift from hardware-based network to a virtual or software-defined network (SDN). The implementation of 5G will generate incredible benefits in terms of performance and diversity of applications thanks to the cloud-based resources, virtualization and network slicing widespread uses.

In the pre-5G generation, networks had physical bottlenecks over which security checks could be performed. In an SDN, virtualized network functions (VNFs) operate at the edge of the virtual network. With these changes come new security risks that add additional "attack surfaces" to the 5G security architecture, as a single security breach in a certain part of the virtualized network could compromise the security of the entire network.

Heterogeneous communication technologies (LTE, 4G/5G, Wi-Fi)

The lack of end-to-end encryption in the presence of multiple communication technologies 5G/4G and Wi-Fi will help attackers to intercept data. Therefore, 5G must integrate, in its protocol, end-to-end encryption. This creates a communication system where only devices that exchange information together can read the messages. This technology could really make hacker interceptions more difficult.

Various connected devices

Nowadays, manufacturers do not make cybersecurity a priority for many low-end smart devices. As more and more devices are foreseen to be connected, millions of devices with varying security systems are paving the way for billions of possible intrusion points. Smart TVs, door locks, refrigerators, loudspeakers and even secondary devices, like a thermometer for an aquarium, can be a weak point in the network. Lack of industry security standards for connected devices can lead to network breaches and widespread hacking.

Strain on current security control system

The high communication speed and capacity of 5G will possibly strain current security controls. While current networks are limited in speed and capacity, these restrictions have actually helped operators monitor and respond to security intrusions more quickly. Therefore, the benefits of an extended 5G network could actually compromise cybersecurity. The increase in speed and volume will challenge security teams to develop new methods to stop threats.

Decentralized network

Mesh networks will require rethinking cybersecurity. In fact, with 5G, most traffic will no longer go through a central system. That is to say, each service will be able to create a large number of small independent internet networks. Therefore, this decentralization will create new security challenges as centralized network protection cannot be applied to edge computing.

Short range physical cell towers

The 5G network will require the deployment of a high number of short-range physical cell towers. These towers will then become new physical targets that hackers can exploit. In addition, they will have dynamic spectrum sharing (DSS), which allows specific slices of the network to be used for data transmission. This means that each slice can be attacked independently and will also require the dynamic deployment of a cybersecurity solution.

Old unresolved vulnerabilities

5G also inherited some security vulnerabilities from previous mobile technologies. In fact, the main issues already affecting previous generations of mobile technology, such as GSM 4G and LTE, have not been addressed in 5G standards and projects. One of them in particular, namely the ability to intercept so-called pre-authentication messages between the user's base station and the cell tower, is still part of the 5G specifications, and proposed architectures would allow attackers to intercept unencrypted messages.

Data center

The real revolution of 5G consists in the deployment of data centers, located just a few kilometers from each branch. These will allow operators to process massive amounts of data as well as set up new applications for businesses. Therefore, the real risk is with personal data protection. With 4G, operators did not store the data. They will now be able to do so with 5G, and consumers should be wary of the security systems in place to protect that data.

Most likely types of attacks and defenses

Cyber​​security vulnerabilities can give rise to a wide variety of attacks. Here are some known cyber threats that will likely remain prevalent as the 5G network grows.

  • Botnet attacks allow a network of connected devices, such as puppets, to be controlled in order to launch a massive cyber-attack.
  • Denial of service (DoS) attacks overload a network or website to take it offline.
  • Man-in-the-Middle (MiTM) attacks discreetly intercept and alter communications between two parties.
  • Location tracking and call interception can be launched by anyone even if they have no expertise in paging protocols.

There are some cybersecurity practices and techniques consumers should consider to protect their data in the era of increasing connectivity.

  • Use a virtual private network (VPN) to prevent unauthorized access to data and spying on online activity.
  • Use strong passwords. Always use passwords when possible and make them extremely strong. The best passwords are made up of long strings of random and varied characters. Include uppercase, lowercase, symbols and numbers.
  • Update the default passwords on all connected devices.
  • Install an antivirus solution on all devices.
  • Keep all connected devices up to date with security patches. This includes cell phones, computers, all smart home devices, and even a vehicle's infotainment system. Remember that any device that connects to the internet, Bluetooth or other data radio must have all the latest updates (apps, firmware and operating system).

Conclusion

The implementation of 5G will allow a greater volume of sensitive data to circulate at high speed on advanced networks. However, as with any technology whose security aspects are not firmly established, a breach could have disastrous consequences for individuals and companies.

Despite the improvements made to encryption, authentication and data confidentiality in the recent versions of the Third Generation Partnership Project (3GPP), many of the security problems from the 4G era will persist. Once again, good cybersecurity starts with the individual.

About the author

Mohamed Hadded earned his Ph.D degree in telecommunication systems from Telecom Sud in Paris. He continued his research activities as an R&D cybersecurity engineer. His current activities include research projects on cybersecurity for connected vehicles. His research interests include vehicular networks, cybersecurity, UAVs, game theory and machine learning. His published work has appeared in major journals like IEEE Communications Surveys & Tutorials and in IEEE conferences. He has authored and co-authored more than 30 international publications related to V2X and cybersecurity.

To contact the author of this article, email engineering360editors@globalspec.com


Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Advertisement
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Advertisement
Find Free Electronics Datasheets
Advertisement