The next-generation wireless networks make it tougher to track and spoof users, but security holes persist because devices still connect to older networks.
You’ve perhaps been hearing the hype about lightning-fast 5G for years now. And while the new wireless networks still aren’t everywhere in the United States, 5G is slowly mushrooming in cities from Seattle and Boston to Dallas and Kansas City. With the faster connection speeds will come improved security and privacy protections for users, as the wireless industry tries to improve on the securities of 3G and 4G. But while 5G researchers say that the new network will bring significant improvements, it still has some flaws of its own.
There are a few main security wins in 5G. Many relate to spoofing and anti-tracking features that make it harder for bad actors on a network to trace and influence individual device connections. To do this, 5G encodes more data, so less is flying around in the clear for anyone to interrupt. 5G is also a much more software and cloud-based system than former wireless networks, which will enable for better monitoring to detect potential threats. It will also allow operators to do what’s called “network slicing”—dividing the system in several virtual networks that can be supervised and customized separately. This means that different “slices” could have different personalized protections for particulars types of devices.
“5G has really good assurance for security,” says Ravishankar Borgaonkar, a research scientist at the Norwegian tech analysis firm SINTEF Digital. “Encrypting identifiers is a really good move, and network slicing is a network paradigm shift. But there are still other ways that users can be followed and there are questions about how to warrant the trustworthiness of the [5G] software. So there’s always room for improvement.”
Throughout the last year, Borgaonkar and other researchers have discovered and reported a number of security flaws in 5G to the mobile trade group GSMA, one of a group of organizations that administer the standard. Many of the findings emphasize on ways that users can still be traced while connected to 5G, using information that stays unencrypted as it is transmitted or that escapes because of a fault in the standard. This can permit attacks known as fake base station attacks with devices often called “stingrays” that deceive target devices into thinking they are a cell tower and connecting. From there, attackers can seize mobile traffic to keep watch on victims and even control data.
Researchers have also hinted that some faults in 5G allow for “downgrade” attacks in which a target’s phone connection is influenced to downgrade to 3G or 4G service, where hackers could use unsolved flaws in those older networks to conduct attacks.
The GSMA says that it appreciates scrutiny of the 5G standard because it has allowed the organization to identify and fix possible vulnerabilities before the 5G networks are extensively deployed.
“The GSMA has been getting the industry prepared for 5G, working on the security technology that supports the standards which define the new secure-by-design 5G technologies,” says Amy Lemberger, cybersecurity manager, GSMA. She notes that since April, the GSMA’s “5G Security Taskforce” has been getting mobile operators and vendors together so they can work proactively on issues like 5G fraud models and network slicing requirements.
Experts say that while associations with GSMA have been fruitful, they’ve recognized problems that still have to be completely resolved; in part, that’s because of the difficulty of making sure that 5G can interoperate with older wireless networks like 3G and 4G. Building out 5G while flawlessly integrating with the older generation networks is hard and can erode security and privacy.
“5G is a huge leap forward on numerous fronts, but won’t actually deliver a full security upgrade until we see pure 5G networks with no legacy tech—so not for another ten years or more,” says Karsten Nohl, creator of the security research firm SRLabs.
This raises another possible security issue that isn’t specific to 5G, but will be a key factor for the new wireless networks also: implementation. While groups like GSMA can prepare the 5G standard to be as secure as possible, network operators will actually arrange 5G in practice. If they make errors or cut corners in how they establish the technology they can introduce new and unexpected risks and susceptibilities into the system, like missing data protections and authentication checks. And for customers, it’s almost impossible to know whether networks are sticking to best practices.
“Even 4G was comparatively secure, but many operators were not applying certain recommended protocols at all, because it was expensive,” SINTEF Digital’s Borgaonkar says. “We have seen that operators aren’t always executing features, even when a standard calls them obligatory, and that’s where the problem lies generally in mobile networks. The same thing will happen in 5G as well. It really comes down to government systems or another authority to enforce it.” In the United States, for example, the FCC can enforce how a technical standard is employed.
The privacy and security gains of 5G will make a real difference in guarding users against threats and manipulation like tracking attacks. And as a vast horde of new internet-connected devices comes online via 5G, features like network slicing will expectantly help manage their security. But there’s never a miracle security drug that solves every problem. And it seems likely that 5G has its own challenges on the prospect.