Trend Security Expert
5G: Are We Ready? Security Risks with the New Technology
What is 5G?
Over the years, mobile networks have continued to evolve, providing better and faster communication for users. From the first generation, 1G, which was introduced in Japan in 1979, to 5G, the latest mobile network technology today. 5G is a specification laid out by the International Communications Union (ITU) that is said to be faster than 4G LTE network. It will also enable us to develop further into IoT and data communication.
Unlike the previous generation, 5G uses higher frequency radio waves (mmWave, sub-6Ghz), which makes its range shorter than 4G. To address this issue, 5G uses smaller but more closely distributed cell sites instead of large cell towers. More devices are able to connect to the network, speed and latency are also improved. Speed is not only the improvement to this generation of mobile networks but also its consistency. Because it uses high frequency waves, it provides consistent access to data through the network.
Threats in 5G
5G adopts its architecture and technology from its predecessor: 4G. With its well-established technology, there are still some defined vulnerabilities which are studied and addressed by 3GPP (3rd Generation Partnership Project). But adding the maturity of open-source security analysis tools, for a more secure 5G, this may not be the case.
As mentioned by Roger Piqueras Jover and Vuk Marojevic in their paper: Security and Protocol Exploit Analysis of the 5G, the new technology can be vulnerable to location leaks, denial of service, man-in-the-middle attacks, phone call and SMS snooping, and credential-stealing.
Here are some vulnerabilities discovered by these experts:
5G-AKA PROTOCOL EXPLOIT
5G Authentication and Key Agreement or 5G-AKA, is a protocol used within 5G to authenticate the subscriber and the network. This protocol vulnerability allows attackers with no privileged network access to the network and impersonate another user.
This vulnerability would result in an attacker billing the user for their own, access charges to another user account rather than its own, etc.
5G RNTI-BASED TRACKING
5G Radio Network Temporary Identifier (RNTI) based tracking is another exploit by utilizing RNTI which helps to distinguish multiple devices/connections on the radio network.
Utilizing RNTI, one can track someone’s device location.
This was disregarded by 3GPP because they claim that RNTIs are short-lived identifiers that cannot be leveraged for privacy leaks.
However, the exploit, which further described in the paper, “Breaking LTE on Layer Two”, published by D. Rupprecht, K. Kohls, T. Holz, and C. Popper, shows it is possible.
5G BASE STATION JAMMING, SPOOFING, and SNIFFING
Unfortunately, 5G also showed vulnerability to radio frequency interference
Furthermore, with 5G using the similar protocol implementations of LTE, it also adopts vulnerabilities of the previous technology which involves spoofing and sniffing. This was further described on the paper made by M. Lichtman, R. Rao, V. Marojevic, J. Reed, and R. P. Jover
To summarize, 5G brings us a new perspective of the world - a new platform to work with; ushering new possibilities to business, social infrastructure, and a promising future of a more interconnected world.
Be that as it may, with the aforementioned studies, it shows that we are not there yet. There are still some areas that need to work on in terms of security.
With 6G already in development, let’s all hope that these vulnerabilities in 5G will be addressed as soon as possible.
Trend Micro Researchers