image credit: Pixabay

5G Security Concerns for 2020 and Beyond

February 24, 2020


A new decade fresh with opportunity is upon us, along with new opportunities for cybercriminals to prove their skills. 

Cybersecurity threats have become increasingly ingenious over the last couple of years. To think that it all started out as “phone phreaking” in the late 1960s and early 1970s—with a box not bigger than a cigarette case that granted operator access and the ability to get free calls anywhere in the world if the right buttons were pushed in the right sequence.

The motive back then was not entirely malicious, but rather seen by hackers as an intellectual challenge, a feat motivated by the desire of breaking the rules and the sense of power that came along with it.

For the most part of the 1970s and early into the 1980s, cyber-crimes were driven by curiosity—and not just profit gains. It all took off in the 1990s when the Internet began to be adopted on a worldwide scale, which formed the perfect conditions for cybercrime all over the world.

It all evolved into what we know today—a multitude of hacking opportunities spanning various devices and industries, driven by clear financial motives.

What’s Next?

Now that 5G technology is on the brink of being adopted, various security concerns have come to light; the European Commission (EC) published a report on EU coordinated risk assessment of 5G network security, which can be summed up as potentially having the following effects:

  • Increased exposure to attacks and more potential entry points for attackers: With 5G networks increasingly based on software, risks related to major security flaws, such as those deriving from poor software development processes within suppliers are gaining in importance. They could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect. 
  • Due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks. 
  • Increased exposure to risks related to the reliance of mobile network operators on suppliers. This will also lead to a higher number of attacks paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks. Among the various potential actors, non-EU States or State-backed are considered as the most serious ones and the most likely to target 5G networks.
  • In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country. 
  • Increased risks from major dependencies on suppliers: a major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences. It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk. 
  • Threats to availability and integrity of networks will become major security concerns: in addition to confidentiality and privacy threats, with 5G networks expected to become the backbone of many critical IT applications, the integrity, and availability of those networks will become major national security concerns and a major security challenge from an EU perspective.

Security threats have been detected by researchers at Purdue University and the University of Iowa. The potential flaw being observed allows hackers to gain access to real-time location tracking and surveillance, along with the capability to spoof emergency alerts in order to cause mass panic.

These security concerns have been reported to GSMA, but the threats are yet to be seen as a real cause for concern, with GSMA saying:

“These scenarios have been judged as nil or low-impact in practice, but we appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future”, and “We are grateful to the researchers for affording industry the opportunity to consider their findings and welcome any research that enhances the security and user confidence of mobile services”.

Whether this is an actual concern or not remains to be seen, but one thing is certain: 5G will be widely adopted sooner rather than later—bringing with it greater speed, lower latency, and plenty of options for remote operations.