Certain security errors in 2G, 3G and 4G have not been resolved and 5G is also vulnerable, says a new report from Positive Technologies.
The importance of wireless ISPs in the age of 5G
5G networks require more base stations than previous LTE networks, making deployment in suburbs and rural areas expensive. Provide WISPs at remote locations using non-licensed spectrum bands.
5G is touted by many as the newest and best wireless technology with higher speeds and lower latency than its predecessors and the ability to juggle multiple devices, including Internet of Things (IoT) hardware and other demanding items. However, in some circles, including the European Union, concerns have been raised about security weaknesses inherent in the new version of Wi-Fi.
The 5 Technologies report, “5G Signaling Networks: Blast from the Past,” was released on Wednesday and explains why 5G is vulnerable to vulnerabilities and what mobile operators can and should do to better protect 5G networks.
SEE: 5G technology: a guide for business leaders (TechRepublic Premium)
For the sake of interoperability, every new generation of Wi-Fi has many of the features and functions of earlier versions. 5G relies on 4G networks and 4G performs certain functions via 2G / 3G technology. But this process of inheritance means that every new generation is also born with some of the weaknesses of earlier versions.
As an example of Positive Technologies, Signaling System is No. 7 (SS7) a system of protocols for exchanging signaling messages used in 2G and 3G networks. But SS7 has certain built-in errors that allow bad actors to carry out a series of attacks, including eavesdropping, SMS interception and fraud.
As another example, 4G networks use the Diameter signaling protocol, which is also accompanied by security breaches that allow hackers to perform the same series of attacks.
And another example: GTP (GPRS Tunneling Protocol) is used to transfer traffic on 2G, 3G and 4G networks. But just like the other protocols, GTP contains errors that allow cyber attacks to intercept user data.
Although newer, more secure protocols are available, the older, unsecured protocols will exist for years to ensure interoperability with earlier versions of Wi-Fi.
During the transition to 5G, new technology devices will connect to the new Wi-Fi flavor to send data, but will remain dependent on 4G and even 3G / 2G networks for voice calls and text messages.
Because 5G networks communicate with other mobile networks, hackers can exploit the weaknesses in multiple protocols. An attacker targeting a 5G network can take advantage of 3G vulnerabilities.
In a realistic example cited by Positive Technologies, hackers exploited errors in SS7 in early 2019 to intercept text messages used for two-factor authentication by Metro Bank customers in the UK. In another incident involving a German mobile operator, hackers were able to steal money from customers’ bank accounts.
The security errors of 5G can also have an impact on deno-of-service attacks, according to Positive Technologies, according to IoT devices. Hackers can make home or industrial IoT devices unavailable at a critical moment. To benefit from 5G, IoT devices will increasingly depend on a strong mobile connection, but also on one that is secure.
For mobile operators and other companies involved in Wi-Fi, Positive Technologies offers several recommendations that can help protect 5G networks against external attacks.
- Follow the security guidelines of the Global System for Mobile Communications (GSMA). Mobile operators must adjust GSMA guidelines. Specifically, security must be tested to determine the effectiveness of current procedures, to identify vulnerabilities and risks, and to identify areas for improvement. Security settings must also be up-to-date with authentication, both periodically and whenever network equipment is added or changed.
- Monitor signal traffic. Signaling traffic must be monitored and analyzed if it crosses the network boundary as a way to find potential threats and configuration errors. To set this up, mobile operators can use special threat detection systems to analyze signal traffic in real time and detect atypical activity by external hosts. These systems can block illegal messages without harming network performance and sharing information with other forms of protection.
- Security must have priority in advance. For mobile operators, security must be a priority during the design phase of a 5G network. Any attempt to implement security on closer inspection is likely to result in higher costs and an inability to resolve security errors in the long term.
- Detect, respond and check. Continuous real-time detection of threats is vital to determine the effectiveness of network security and to support the detection and resolution of security errors. Analyzing generic vulnerabilities and current or emerging threats can help secure the network. Finally, auditing provides insight into the network to better understand ever-changing risks.
Mobile Enterprise newsletter
BYOD, wearables, IoT, mobile security, remote support and the latest phones, tablets and apps that IT professionals need to know are some of the topics that we will cover.
Delivered on Tuesday and Friday
Image: iStockphoto / Tanaonte