By now just about anyone with an interest in technology has heard about the hype around 5G. And at Black Hat 2019, there was plenty of discussion around the promise of connected devices running on 5G networks.
But Dean Weber, Chief Technology Officer with Mocana, says “not so fast.”
“5G for the foreseeable future is a lot of hype. To get to 5G mesh networks it’s going to require billions of dollars of investment,” he said.
While several large cities in the US are rolling out 5G networks, before we get to a world with the widespread use of 5G, a lot obviously needs to be worked out with the security around it too. Hailed initially as an ultra-secure protocol, one session at Black Hat proved that to be far from true.
While the presenting researchers, Altaf Shaik of the Technical University of Berlin and Kaitiaki Labs and Ravishankar Borgaonkar of SINTEF Digital, noted 5G is a vast improvement over the previous 2G, 3G and 4G networks, 5G does have some vulnerabilities. Among those weaknesses: The two demonstrated how 5G technology is susceptible to mobile network mapping exploit. Their finding revealed it is possible for criminals to use unencrypted data to get information about a device, determine what kind of device it is, and learn the chipmaker, model, operating system, as well identify and locate where a device is located. This is useful information if there is a specific target in mind. The researchers were also able to demonstrate an attack that allowed them to drain the battery of an IoT device.
It’s not just security researchers who are poking holes in security around 5G. The Department of Homeland Security recently released a paper warning of the potential for risk around 5G networks, particularly for military networks, which often use older technologies and capabilities that lag behind those available to business and consumers.
“5G hardware, software, and services provided by untrusted entities could increase the risk of compromise to the confidentiality, integrity, and availability of network assets,” the report said. “Even if U.S. networks are secure, U.S. data that travels overseas through untrusted telecommunication networks is potentially at risk of interception, manipulation, disruption, and destruction.”
Most analysis on 5G is that despite what is coming out about potential weaknesses, it is still a more secure standard than 4G. Testing and work to investigate 5G at both a national and international level will hopefully minimize the risks, said Weber.
“We don’t even know all the new vulnerabilities it will have,” he said. “There’s a lot that we don’t know about yet. The CTIA (Cellular Telecommunications Industry Association) and other big wireless consortiums are working with the technology framework, but while the design is there, we just don’t know what we don’t know.”