The next-generation wireless networks make it harder to track and spoof users, but security holes remain because devices still connect to older networks.
You’ve probably been hearing the hype about lightning-fast 5G for years now. And while the new wireless networks still aren’t ubiquitous in the United States, 5G is slowly cropping up in cities from Boston and Seattle to Dallas and Kansas City. With the faster connection speeds will come increased security and privacy protections for users, as the wireless industry attempts to improve on the defenses of 3G and 4G. But while 5G researchers say that the new network will bring major improvements, it still has some shortcomings of its own.
There are a few major security wins in 5G. Many relate to anti-tracking and spoofing features that make it harder for bad actors on a network to track and manipulate individual device connections. To do this, 5G encrypts more data, so less is flying around in the clear for anyone to intercept. 5G is also a much more software and cloud-based system than previous wireless networks, which will allow for better monitoring to spot potential threats. It will also enable operators to do what’s called “network slicing”—segmenting the system in numerous virtual networks that can be managed and customized separately. This means that different “slices” could have different tailored protections for specifics types of devices.
“5G has really good promise for security,” says Ravishankar Borgaonkar, a research scientist at the Norwegian tech analysis firm SINTEF Digital. “Encrypting identifiers is a really good thing, and network slicing is a network paradigm shift. But there are still other ways that users can be tracked and there are questions about how to guarantee the trustworthiness of the [5G] software. So there’s always room for improvement.”
Over the last year, Borgaonkar and other researchers have found and reported a number of security weaknesses in 5G to the mobile trade group GSMA, one of a group of organizations that manage the standard. Many of the findings focus on ways that users can still be tracked while connected to 5G, using information that remains unencrypted as it is transmitted or that leaks because of a flaw in the standard. This can allow attacks known as fake base station attacks with devices often called “stingrays” that trick target devices into thinking they are a cell tower and connecting. From there, attackers can intercept mobile traffic to spy on victims and even manipulate data.
Researchers have also pointed out that some flaws in 5G allow for “downgrade” attacks in which a target’s phone connection is manipulated to downgrade to 3G or 4G service, where hackers could use unresolved flaws in those older networks to carry out attacks.
The GSMA says that it welcomes scrutiny of the 5G standard, because it has allowed the organization to catch and fix potential vulnerabilities before the 5G networks are widely deployed.
“The GSMA has been getting the industry ready for 5G, working on the security technology that underpins the standards which define the new secure-by-design 5G technologies,” says Amy Lemberger, cybersecurity director, GSMA. She notes that since April, the GSMA’s “5G Security Taskforce” has been bringing mobile operators and vendors together so they can coordinate proactively on issues like network slicing requirements and 5G fraud models.
Researchers say that while collaborations with GSMA have been fruitful, they’ve identified problems that have yet to be completely resolved; in part, that’s because of the difficulty of ensuring that 5G can interoperate with older wireless networks like 3G and 4G. Building out 5G while seamlessly integrating with the older generation networks is difficult and can erode privacy and security.
“5G is a big step forward on several fronts, but won’t actually provide a full security upgrade until we see pure 5G networks with no legacy tech—so not for another 10 years or more,” says Karsten Nohl, founder of the security research firm SRLabs.
This raises another potential security issue that isn’t specific to 5G, but will be a major factor for the new wireless networks as well: implementation. While groups like GSMA can groom the 5G standard to be as secure as possible, network operators will actually deploy 5G in practice. If they make mistakes or cut corners in how they set up the technology they can introduce new and unforeseen risks and vulnerabilities into the system, like missing authentication checks or data protections. And for customers, it’s almost impossible to know whether networks are adhering to best practices.
“Even 4G was relatively secure, but many operators were not implementing certain recommended protocols at all, because it was costly,” SINTEF Digital’s Borgaonkar says. “We have seen that operators aren’t always implementing features, even when a standard calls them mandatory, and that’s where the problem lies usually in mobile networks. The same thing will come up in 5G as well. It really comes down to government regulations or another authority to enforce it.” In the United States, for example, the FCC can enforce how a technical standard is implemented.
The security and privacy gains of 5G will make a real difference in protecting users from manipulation and threats like tracking attacks. And as a massive horde of new internet connected devices comes online through 5G, features like network slicing will hopefully help manage their security. But there’s never a magic security solution that solves every problem. And it seems likely that 5G has its own challenges on the horizon.
All Rights Reserved for Lily Hay Newman