The subject discussed today is 5G security, assessing the risks to various groups and ways to mitigate these risks.
Today, we’ll map thea 5G threat landscape for end devices. Hopefully, by the end of this article, you’ll have a new tool to use when analyzing the cybersecurity of your future 5G device deployments.
A bit about us for those that are unfamiliar: FirstPoint is a funded startup based out of Israel protecting any SIM or eSIM based device from cellular network threats, mobile phones, IoT, connected cars, and more.
Our team members are global accredited leaders in mobile and IoT cybersecurity with more than a hundred years of experience in telecom hacking and protection between them. We’re proud to be selected by the GSMA 100 program as 5G innovators and to partner with The World Bank on global 5G security.
The 5G threat landscape
The high speeds and low latency promised by 5G could propel societies into a new age
of opportunities. The ITU presents new leading categories.
Source: ITU
On the top, Enhanced mobile broadband (eMBB) is likely to be the first realization of 5G technology.eMBB aims to stream 4K video, VR, AR content, and immersive gaming for entertainment and enterprises.
On the bottom left, massive machine-type communications (mMTC) for asset tracking, smart agriculture, smart cities, energy monitoring, and smart home. Delivering large-scale machine to machine M2M communication and enabling large scale IoT deployments.
On the bottom right, ultra-reliable and low latency communications or URLLC for autonomous vehicles, smart grids, remote patient monitoring, and telehealth and industrial automation. These use cases are driving URLLC to deliver ultra-fast mission-critical connectivity utilizing the above 20 GHz spectrum.
Some devices may need multiple IoT connectivity segments for executing one or more use cases. For example, autonomous transportation fleets with rich requirements, but all segments face cybersecurity concerns.
5G security, a long and winding road
Ericsson predicts that 5G networks will carry 35%of mobile data globally in 2024.
It’s been a very long standardization process that started in 2015 and now on a second release, meaning that the network is evolving tremendously. One of the main goals of the new 5G network is to deal with the known security concerns of 2G, 3G, 4G networks.
However, even this improved 5G network still must interconnect with the legacy networks; thus, inheriting the same vulnerabilities it was designed to avoid. Naturally, as 5G networks are deployed and tried out, new loopholes are being discovered and dealt with, and this will continue to be the case for years to come.
Also, 5G networks are based heavily on software and cloud technologies, which encompass intrinsic vulnerabilities of their own. The attacker’s imagination only surpasses the possibilities of cyber-attacks on cellular devices and networks in 5G.
Source: FirstPoint
Attacking via 5G networks. How?
We’ll go through possible attacks in six groups.
(1) End equipment or devices. Mobile to internet attacks like a distributed denial of service, DDoS, an attack against an internet site. Or, internet to mobile attacks, delivering malware to mobile devices through an infected site or app. Mobile to network attacks. DDoS attacks targeting the 5G infrastructure. Mobile to mobile, infected devices against other mobiles to commonly spread malware.
(2) Radio access network attacks, using rogue based stations or international mobile subscriber identity (IMSI) catchers to target IMSIs during the device initial attach procedure to the network.Or, paging attacks using the IMSI paging feature. Man-in-the-middle attacks and denial of service are an immediate risk, while the device identity is commonly used in further later attacks. Recent publications reveal that these flaws still exist in 5G.
(3) For the core network, as the 5G network is all IP-based, it is potentially vulnerable to IP-based attacks such as traffic rerouting.
A DDoS attack launched by an army of infected mobiles, bots, coordinated to simultaneously access those elements and cause a significant downgrade of the network performance.
Source: FirstPoint
(4) In network connectivity, in former cellular generations, interconnectivity between networks was based on insecure protocol.SS7 in 2G and 3G and Diameter in 4G and it was utilized for launching very powerful attacks, such as locating and tracking devices and hijacking signaling traffic.
In 5G, embedded encryption over the application layer at the SEPP node might protect against the known vulnerabilities that exist in SS7 and Diameter protocols. However, this is not fully standardized yet, so similar attacks will still be possible.
(5) In terms of foreign networks, utilizing the vulnerabilities that enable core network threats and network connectivity threats that we just talked about, foreign governments may abuse the trusted network access to perform any of the previously stated attacks.
(6) Apps and services. The targets of the attack are the applications and services provided over the 5G cellular networks, shutting them down or harming the services.
Now that we’ve gone through an overview of the threat landscape, I’d like to start talking about the new cyber risk index that Adam and the team at FirstPoint have been working on.
The risk in 5G networks. To whom?
In the UK’s NCSC basic risk management principles of cybersecurity, they state that all organizations face risks, no matter the size. They are practically endless use cases for 5G just like we presented in the beginning.
Many times security is not taken into consideration like with simple off the shelf sensors that lack any security and many other times security concerns are inhibitors for the adoption of new technologies like 5G in critical infrastructure.
With all these different threats and use cases, how is it even possible to understand what risks are relevant and how grave the threat is for each scenario?
That’s the question we set out to answer.
We started by segmenting the devices and networks at risk into four entities: individual users, mobile network operators, and IoT service providers, the public sector, and businesses.
How can we assess the risks to entities in 5G?
Based on over a hundred cumulative years of experience on both the attacker and protector side, our team set out to map the risks to each of these groups taking into account, all threat vectors, all use cases, and all consequences.
We’ll score each potential risk by three vectors.
First: Severity, the level of the potential damage or disruption, calculating in the scale of affected devices, and consequential damages. As the NCSC states: understand what you care about and why.
Second: Effort, level of complexity, or skill required to implement the risk.
will require multi-factor authentication via cellular is expected to further increase.
The first use case we’ll review is service interruption in a public service scenario.
The total risk score is 5. The Civil Aviation Authority in Singapore has been trialing out a connected urban airspace management system for drones flown beyond a visual line of sight currently using a public LTE network.
The drones are planned to serve deliveries to hospitals, first responders and security services, and in the future do so over 5G. Interrupting the service given by these drones can result in a risk to lives, money, reputation, and trust in government services.
A potential attack method could be taking advantage of vulnerabilities in the 5G
software-based third-party services to attack the drone’s operation or using an attack
drone with a rogue base station mounted on top or attacking base stations near the
drone’s path to disrupt communication with the network.
The second example we’ll discuss is that of the disruption of critical infrastructure.
Thus, causing harm at a national level with a risk score of 4.5. Electric metering is
already being used around the world to simplify accurate data gathering for endless electric grid endpoints.
Attacking single or even several meters wouldn’t have a severe impact on the national grid.
Exploiting zero data vulnerabilities and massive IoT, MIoT devices and using infected meters as bots in a DDoS attack on 5G radio area network or on the grid’s servers is a full-on disaster.
Source: FirstPoint
These hackers could be people simply looking to disrupt the mobile network or they could be a nation-state attacking all the mobile operators in another country as described by The 5G Americas Organization.
Threat Mitigation for 5G cyber risks, a global effort
Although it may seem that the potential risks are endless and ominous, there is a lot we can do to protect ourselves and our company. Let’s check out some mitigation steps. Each entity can use the cyber risk index that we just saw to rank the risks and set a plan to mitigate them starting from the top.
Just like cybersecurity is always, in 5G it’s a global effort. The major players in 5G infrastructure and cybersecurity are of course the operators: traditional mobile network operators, MNOs as well as IoT service providers and private network owners.
Source: FirstPoint
As such, operators have the responsibility to create and sustain ultra-secure networks.
This means creating and upholding internal certification for network security.
Creating and formalizing a verification process for third party hardware and software throughout the supply chain, including cloud hosting services. Regularly updating and maintaining components. Assuring no single source dependency.
Legacy network interconnection is still an issue, but operators should verify connections only to secured networks and maintain and enforce “allowed” versus “denied” external connectivity and including implementation of the 3GPP requirements.
As with any security process, one of the major risk factors is the human factor.
The network operators should verify that only trusted and qualified personnel is accessing highly sensitive systems.
Vetting the personnel, setting certification processes, assuring no single responsibilities
, and regular training and checking. Still, many threats cannot be mitigated
by the operators alone. For these, operators should seek external expertise to assure
the security of the high-risk users, devices, businesses, and the public sector via dedicated security services, including against denial of service, eavesdropping
SMS hijacking, IMSI catchers, and others.
For extended information and what mobile networks can do, drop us a note and we’ll be in touch. The other entities have the responsibility to protect themselves and their services of course.
Individuals should practice standard cyber-hygiene. Use only certified devices and well-known services. For the high risks threats that are relevant to each of the users, they should consider applying dedicated cellular protection services to protect them.
Businesses need to protect their corporate assets. This could be their employees’ device, their connected devices, or the services they offer. Security needs to be taken into consideration on all layers from design to operation, not leaving it as an open issue
to be dealt with after deployment. External expertise should be sought to overcome vulnerabilities and add on cybersecurity solutions to deal with the ever-evolving threat landscape. Training must be an integral part of course.
For the public sector, the scope of responsibility is twofold. Protecting themselves and setting guidelines for the rest of the entities in the nation.
Creating and demanding certification processes from operators via regulations.
Setting up a nation-level cybersecurity forum to deal with new and open issues.
Creating an available testbed for the private and government sector to try out new 5G use-cases and devices in a secure environment.
Provide businesses and operators with economic incentives to up their security and of course push forward more highly trained cybersecurity personnel.
Security as an inhibitor for 5G adoption
The inherent vulnerabilities of the cellular network are holding back companies from adopting 5G for the most sensitive use-cases such as critical infrastructure, smart cities, and connected vehicles.
32% of businesses state security as a barrier to 5G adoption according to an Accenture business survey in 2019.
Source: Accenture
And in an AT&T study in 2019, 72.5% of the respondents rated their level of concern as high or medium-high when it comes to the potential impact of 5G on security.
According to 5G America’s Organization, privacy concerns are one of the main inhibitors to adoption.
Security as an inhibitor. Bridge the gap
The same Accenture survey revealed that though 40% of executives plan to partner with telcos on their 5G journey, about 5G challenges in their industries.
Source: Accenture
Increasing trust in 5G networks and in telcos’ ability to deal with the current challenges of 5G will increase enterprise adoption of 5G and speed up monetization on the investment in 5G. For the knowledge gaps that exist, external experts and solutions can provide relief.
And that’s where FirstPoint comes in. A cellular network-based solution, tackling all cellular network-based threats in 5G and legacy networks 2G, 3G, and 4G.
FirstPoint, A mobile network-based approach
FirstPoint provides cellular cybersecurity service. We partner with mobile network operators, IoT service providers, private networks and EPC providers to create a secured system through which protected device traffic signaling, and data are routed,
while unprotected device traffic continues to flow through the operator’s original network.
Mobile communication is analyzed, applying predefined security rules, and organization controls\ed policies. Malicious network activity is detected, alerted, and blocked by the system: end-users and CISOs receiving real-time alerts.
Our SIM outlet enhances on-device security and device network anonymity.
FirstPoint’s service is the first holistic cellular cyber solution tackling all attack vectors: data-based attacks, malicious SMS, network loopholes including location tracking
and traffic rerouting and IMSI catchers.
While other solutions provide partial protection capabilities and none are a match for IMSI catchers. Our agentless approach means any device can be protected, not just limited to the latest Android or iOS operating systems like many others.
An organization level multi-tenant management system enables each enterprise to manage all types of devices from one central platform with real-time alerts. The system is interoperable with any SIEM.
Benefits: For users, enterprises, and governments
For enterprises and users, this is a novel approach, one solution for protection against all cellular threats: signaling, SMS, and data-based .
• Overcoming both 5G and legacy network vulnerabilities. All those threats that we talked about at the beginning.
• Our cybersecurity services fit anything with a SIM card, with or without an operating system, simple or complex.
• A central management platform enables mass policy management of device security by type, use-case, or other factors as well as personalized security policies.
• As a network-based solution, deployment is as simple as adding any value-added service with the operator with no software or unique hardware installations. Enabling infinite scale-up in a heartbeat before or aftermarket, so any IoT in the field can be protected.
• Also, the service is hassle-free for users and doesn’t impact battery or CPU, which is even more critical for low-power devices.
Opportunity: For mobile operators & IoT service providers
For MNOs, MVNOs, MVNE’s and IoT service providers, this is an opportunity:
• To be the secure network,
• To have built-in security, and an advantage in winning security-sensitive business opportunities
• To offer a premium value-added service that enhances the operator’s core products.
FirstPoint’s fully modular services enable operators to serve any cellular use-case and help solve customer’s cellular cybersecurity concerns, reducing the risk in 5G deployment, and increasing much-anticipated adoption.
A more secure future of communications
To wrap up, we expect that by having more trusted 5G networks where sensitive organizations can rely on continuous communication to remain secure, the world will take leaps forward in the years to come.
The FirstPoint team is here to be a part of securing the future of connectivity in 2G to 5G and enable nations and enterprises to build a connected, safer, and more efficient world.
For more information, please don’t hesitate to contact us or send an email to secure@firstpoint-mg.com , to discuss further how to protect cellular devices from cyber threats in 5G, as well as 3G and 4G.
Ready to level up your IoT or mobile security solution? We offer a wide range of customizable solutions, from white-labeling the technology, to managed services.
I’m most concerned about mobile security – | I’m most concerned about IoT security – |
Protect from cyber risks in 2G to 5G and beyond.
FirstPoint provides the best security in the cellular space.
Contact Us