Cyber SecurityFeatured News

Report finds 5G launched with security flaws

Positive Technologies has released its report 5G Network Security: Vulnerabilities Old and New, which outlines some of the greatest risks facing 5G networks as they begin to launch around the world. 5G promises superfast connection speeds, ultra-low latency and greater capacity representing huge opportunities for operators to transform their businesses, allowing them to offer new services and generate revenue through previously unavailable means of monetisation. However, these opportunities will be accompanied by risks.

Positive Technologies experts pioneered research into telecom security. They were the first to discover the security issues associated with SS7 back in 2014, showing how such flaws could be exploited for everything from remotely intercepting phone calls to bypassing 2FA for access to social media profiles. With their deep knowledge of the latest 5G networks, the report outlines what is known about the standardisation and architecture of 5G networks and what security issues could come to the fore as a result.

Vulnerabilities inherited from legacy networks

Positive Technologies experts highlight that many 5G networks will have known vulnerabilities from day one, due to the fact that they rely on existing 4G infrastructure. According to 3GPP Release 15 for 5G which came out in summer 2018, the first wave of 5G networks and devices is classified as Non-Standalone (NSA). In other words, devices will connect to 5G frequencies for data transmission when needing greater bandwidth and lower latency (such as for communication between smart cars), or to reduce power draw on IoT-enabled devices, but will still rely on 4G and even 2G/3G networks for voice calls and SMS messaging.

Therefore, at least during the transition period, future 5G networks will inherit all the vulnerabilities of previous generations. Every Diameter-based 4G network examined in a recent security audit was found to contain vulnerabilities which hackers could exploit to perform a range of illegal actions, such as locating users, intercepting SMS messages and instigating denial of service (DoS) attacks. This means the first networks will remain vulnerable to these attacks.

Jimmy Jones, Telecom Business Development Lead, said: “Operators and equipment manufacturers alike have a unique chance to avoid repeating the mistakes of previous generations, where network security issues had to be resolved on the fly in active infrastructure. Acutely aware of the vulnerabilities that may lay ahead, they can – and should – be building security provisions in from the start, during the development of any new network technology. After all, the huge amount of investment into the development of 5G networks requires some form of insurance. As we enter the 5G era, using security as a criteria for quality will give operators a competitive edge.”