Business
Private
SEKExc. Vat

5G: a new generation of cybersecurity threats?

The new era of 5G is approaching. That means a new network with incredible speeds, an unprecedented ability to handle vast amounts of data and almost non-existent latency.

With plenty of buzz around the many doors opened by the new 5G network, ways to implement it and innovative applications that will follow in its wake, it’s easy to get lost in the excitement of this new and shiny opportunity. However, for many practical thinkers and governing bodies alike, the alarm bells are ringing. Their concern: security.

With 5G still in its infancy, many of the big decisions around security that will shape the new network have yet to be made, and many of the risks affecting it are yet to be evaluated. Given the increasing threat of cyberattack and new concerns about user privacy in today’s connected world, the cyber security landscape will need to be at its sharpest when the time comes to ramp up to 5G.

But before we consider the risks threatening the 5G network and the architecture benefiting from it, why is security so important when it comes to 5G?

Bigger scale – bigger risks

5G will have an incredible impact on the way the world works and is rightfully hailed as the harbinger of the fourth industrial revolution. If you think your environment is connected now, 5G will scale this up dramatically: the number of IoT devices alone is expected to rise from 8.3 billion in 2019 to 21.5 billion by 2025.

With a whole new Internet of Things seamlessly connecting everything from flowerpots to heartrate trackers to predictive maintenance systems, our reliance on smart connected devices using 5G for applications in all aspects of our lives will increase in line with the amount of data they are able to handle. However, with this reliance comes risk.

Service outages, no matter the cause, could be devastating considering the vast amount of data that could be moved across the 5G network every second. Similarly, the high quantities of data accessed through 5G provide a much broader attack surface than the relatively conservative amount moved via 4G. With an entanglement in our infrastructure imminent, it may not even be possible to turn back to 4G once the transition to 5G has been completed.

5G is a superlative in terms of benefits; however, the sooner we accept that its security risks have been scaled up to match, the sooner we can address the need for appropriate solutions. As an immature and, as of yet, insufficiently tested technology, the 5G network as the champion of a world full of IoT devices provides an easy attack target both in its own network as well as in the devices connected to it – unless we commit to a real investment in security.

Risk 1: Hackers, botnets and other threats

The IoT botnet is old news when it comes to security risks online. The devastating power of these networks of devices infected with malicious software controlled as a group by hackers has been harnessed since the IoT was first on the rise.

In 2018, IoT botnet activity represented 78% of malware detection events in communication service provider networks, and it is likely to rise in the 5G network. With an increase in adoption of IoT devices and growing but new architecture supporting them, new avenues are opening up for hackers to gain access to the millions of devices in access points to the network itself.

Of course, IoT security is a well-known issue and solutions are already in place. Through the implementation of 5G, whatever insecurities exist in processes, procedures and policies will come to light, and the capacity for distributed denial-of-service (DDoS) attacks, cryptojacking and other risks is much greater with the wider attack surface the 5G network offers – so protections need to be scaled up proportionally.

Recent research has also uncovered a vulnerability in the 5G Authentication and Key Agreement (AKA), a protocol that provides authentication between a user’s phone and the cellular network. This vulnerability allows international mobile subscriber identity-catchers (IMSI-catcher devices) to downgrade AKA, gaining access to mobile phone traffic metadata and hence being able to track the location of mobile phones. This risk has already been reported to all relevant stakeholders who are hard at work to improve the protocol for the next generation of 5G AKA, the release of which is to be completed by the end of this year.

With these new risks already raised and more still being discovered, the adoption of 5G can seem daunting. However, this is also a chance to implement proper security protocols and policies as the architecture is being created. With security concerns raised at every stage, the timing has never been better to address and learn from them as we progress to the new age of 5G.

Lines of code the skull design

Risk 2: Staying ahead means falling behind

It’s all systems go when it comes to developing and adopting 5G – customer demand is through the roof, and companies are understandably keen to get involved with this massive opportunity for advancement and profit. That means the race is on, and the first actor in each sector to offer 5G – whether that’s providing the network or offering applications that harness its power – stands to gain the most. However, this mentality can lead to skewed priorities.

With limited budgets available in IT teams, it’s up to enterprise leaders to decide which areas to focus on – and the incentive to prioritise 5G rollout over addressing its security issues is high.

Similarly, in government, policies have not yet caught up with the rapidly advancing technology. Glenn Gerstell, the US National Security Agency (NSA) General Counsel, has highlighted the challenges that come with this speedy adoption. In the past,

In the past it took decades for the technology to become pervasive. And during that period of time, we were able to sort the rules of the road out. […] We haven't worked that out yet in the cyber world. We are willing, seemingly, to tolerate some level of cyber insecurity.

This almost creates the impression that, when it comes to 5G, we were so preoccupied with whether we could that we haven’t stopped to think whether we should. With some risks not yet properly evaluated – for instance, as of yet no research has been completed on 5G’s potential health risks – 5G might end up with more downsides than upsides, and enabling some abilities that do more harm than good.

US government building with american flag outside

Risk 3: Big Brother is watching

In a connected society, we benefit from our IoT devices communicating with each other to make our lives easier – whether that’s through self-driving cars, a fridge ordering milk when it runs out, or a smoke alarm sending a push notification to your phone.

But we’re not the only ones who use this data. Traditionally, telecom companies have been quick to sell on location data to marketers, and 5G will significantly increase both the amount of data available as well as the ease of accessing it. This might not always be in consumers’ best interests.

With unprecedented levels of data soon to be recorded on where someone has come from, where they are going and what they are doing, we should be concerned about this data falling into the wrong hands.

Depending on a country’s laws, governments could use it to track protesters, share with insurance companies or trace individuals. While a full surveillance state is probably not currently on the cards within the European Union, recent examples from China demonstrate how much scarier 5G can make surveillance: in combination with cameras and AI, the Chinese government is using it to track members of a minority group. Increased surveillance is clearly a risk. Just how big is it, and who else is watching?

Surveillance cameras

Risk 4: National security – the case against Huawei

Chinese company Huawei, a manufacturer of telecommunications and consumer electronics as well as a frontrunner in deploying 5G, has recently come under fire for the alleged risk it poses to national security through cyber espionage.

Many governments have expressed concern that China’s National Intelligence Law, which directs companies to "support, cooperate with and collaborate in national intelligence work", will allow the Chinese government access to sensitive data transmitted via 5G if Huawei becomes heavily involved in the provision of 5G networks in other countries.

Even worse, there could be a potential for cyber-attacks facilitated by Huawei. These concerns have led the US and Australia to ban Huawei from providing equipment for their 5G networks, and other countries are still evaluating their relationship with the company.

However, there is currently no evidence that Huawei spies on behalf of its government, and the company vehemently denies any involvement in cyber espionage. Often the cheapest option, and the player that can help push out 5G faster than any competitor, countries like the UK continue to rely on Huawei equipment in building their 5G network. Even though the UK has banned Huawei from providing core parts of the new network, espionage accusations are too unfounded to justify an outright ban. A culmination of the previously addressed risks that come with rolling out 5G, the best way to address concerns about Huawei is ensuring the network architecture remains secure at its core – a challenge countries like the UK feel more than equipped to handle.

Surveillance cameras

The big picture

We’re on the cusp of the biggest innovation in our technological landscape since the introduction of the IoT. The 5G network will drive forward essential technologies and enable inspired new applications in the fields of automated driving, medical technology and many more. Its importance and vast reach across all parts of our lives cannot be overstated – and so its security is a vital concern that needs to be addressed sooner rather than later. With concerns in many different fields, this developmental phase is crucial in determining threats and finding secure solutions.

While the picture might seem bleak at the moment, the connected world we live in also offers the best way of addressing security concerns. Excitement for the 5G network is the best driver to ensure different governments, telecommunications providers and network architects work together to shape the new network into one that is fit for the future. Everyone is getting involved – and soon, we will all be able to reap the benefits of a secure 5G network.