The 5th generation of cellular wireless technologies, known as 5G, is more than just a faster version of 4G. The benefits of this entirely new type of network include lower latency and the ability to accommodate many more connected devices. Therefore, 5G has the potential to support advancements in multiple industries, including energy and utilities, aviation, transportation, and smart city services.
However, these benefits come with some potential drawbacks. As with all internet-related technology, security is a concern. For example, unencrypted information can be employed to track and spy on users and manipulate data. Hackers can also perform “downgrade” attacks that downgrade a user’s service to 3G or 4G and take advantage of vulnerabilities there.
Granted, 5G is also more secure in some ways. A recent Wired article states, “Many [security wins in 5G] relate to anti-tracking and spoofing features that make it harder for bad actors on a network to track and manipulate individual device connections.” But these positive security aspects don’t cancel out the negative ones. Here we explore some of the security issues associated with 5G.
The China Factor
Before discussing the security challenges inherent in 5G technology, it’s worth pointing out that many have serious concerns about where that technology will come from. Chinese technology companies’ involvement in setting up 5G in the U.S. could be problematic if the Chinese government directs them to perform the setup in such a way that grants Chinese authorities remote access.
According to a recent Foreign Policy article, “Eavesdropping is […] a risk […but] more insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict.” Given the number and type of devices that will be connected using 5G, such an act could be highly disruptive.
Yet, such vulnerabilities exist no matter who provides the software and hardware, making proposed bans on Huawei and other Chinese vendors an insufficient response. Instead, the Foreign Policy article believes that “the United States needs to accept 5G’s insecurities and build secure systems on top of it.”
The following video explores the topic of China’s involvement in deploying 5G networks in the U.S.:
Connection to Older Networks
Because the 5G won’t be instantly deployed everywhere, most networks will use it in conjunction with 4G or even 3G or 2G during the transition. Therefore, these blended networks will be subject to some of the security problems that exist with the older generations. Additionally, according to a GCN article, “many of the security protocols and algorithms for 5G are being ported from the previous 4G standard.”
The article points out that this issue makes several types of attack possible, including mobile network mapping (MNmap) attacks in which individual or groups of devices can be detected and targeted, and man-in-the-middle (MiTM) attacks in which hackers steal information that allows them to modify device operation prior to security being applied.
Device and Network Attacks
Part of the benefit of 5G is that it has the capacity to connect more devices than ever. The Internet of Things (IoT) is based on that capacity. Now all the smart cars, smart home devices, smart city implementations, smart grid applications, and so many more newly networked items will have a way to connect to other devices and to humans. However, more devices mean more potential attack targets.
The reason for security vulnerabilities in IoT devices stems from poor planning on the part of manufacturers and retailers based at least partly on consumer demand. Brookings states, “Because consumers didn’t consider cybersecurity in their purchase decisions of low-cost connected devices…retailers didn’t prioritize security in their decisions of what to stock.”
As a result, many devices are sold with weak default passwords like “admin,” or “password.” Many users never change the passwords or otherwise set up their devices insecurely. Criminals can employ two types of attacks against such vulnerable devices: a “botnet,” which uses connected devices as weapons and “distributed denial of service” (DDOS), which overwhelms a network or website with messages. Such attacks can result in data breaches as well as attacks on devices using the same connection.
Networks can be targets as well. An article published by CPO Magazine points out that “vast amounts of remote sensors and smart devices hooked up to global supply chains…will radically increase the complexity of securing corporate networks from intruders and cybercriminals. And the sheer amount of data being created by 5G networks will make it much more difficult to spot anomalies in user behavior resulting from hackers.”
No matter how secure 5G may be on its own, company network operators can change that based on their deployment. According to the Wired article cited above, “If they make mistakes or cut corners in how they set up the technology they can introduce new and unforeseen risks and vulnerabilities into the system.” Customers of these companies will have no way to know how careful operators have been.
That’s why some have suggested a reward system for those who do. The Brookings article states, “There needs to be a new corporate culture in which cyber risk is treated as an essential corporate duty and rewarded with appropriate incentives, whether in monetary, regulatory, or other forms.”
The widespread use of 5G networks will enable a level of connectedness between humans and machines that has never been possible before. It’s an exciting era in technology for businesses, organizations, governments, and consumers. But every new technology advancement brings with it the potential for misuse and 5G is no exception. Here are the key points to remember about security concerns with 5G:
- 5G will be more secure in some ways but less in others.
- Many are concerned that software and equipment from Chinese companies will come with the ability of the Chinese government to eavesdrop or disrupt communications. Yet installations from anywhere pose the same risk, so operators must build in their own security solutions.
- The use of 4G in conjunction with 5G brings risks associated with older technology.
- Hackers can target individual devices or an entire home or corporate networks.
- No matter how secure 5G may be, the implementation by network operators will be critical for ensuring the safety of their users.