Cover Image

Deciphering 5G security (Part 1). Separating Facts from Fiction.

14 November 2023 - Reading time: 4 minutes

As the hype (oh sorry, better call it: general excitement) around 5G continues to grow, the network of the future seems poised to change telecommunications forever and in a good way. However, as with any new technology, 5G also introduces new risks that could undermine its potential if not properly addressed. In the series of articles I want us to find out what those risks are and how to deal with them before it's too late.

5G is indeed thought to be a new market force, bringing wireless connectivity to billions more devices. Its massive machine-type communication capabilities alone have the potential to power new IoT use cases we can barely imagine today. But the scale and hyper-connectivity of 5G networks also mean new avenues for threat actors to exploit. 

Some could say: read the specs! The security is "embedded in 5G" from the ground. The new architecture utilises a myriad of security features implemented throughout the whole network. User data and signalling traffic traversing both the control plane overseeing network operations and the user plane carrying subscriber data are encrypted. Encryption is also applied to subscriber identities and interfaces between network components. Additionally, 5G SA mandates Transport Layer Security (TLS) encryption and authentication for communication between different mobile network operators. So is there a problem here? Yes, there is: take a look.

For example, 5G network functions (NFs) are software-based and come from many different vendors. Those NFs will certainly introduce vulnerabilities if patches or security updates are not correctly (and promptly) applied. New authentication mechanisms, mandated by the 3GPP standard, may also require strengthening to prevent unauthorized access, e.g. to core network slices. On the RAN side, open interfaces in OpenRAN architectures could expose control planes if not properly firewalled and segmented. There are also concerns around supply chain integrity as 5G infrastructure is sourced globally. Without robust vetting and oversight of contracting parties, could certain components become vehicles for embedding hidden vulnerabilities or backdoors? Well, supply chain security would surely require a separate long and interesting conversation.

But this is not the end of the story. 5GC introduces even more risks due to its use of open HTTP/2-based APIs, and a large number of dynamically scalable microservices within each NF that talk to each other primarily through public interfaces rather than proprietary protocols. While this architecture features cloud-native technologies and speeds up development and remediation, - at the same time it also provides many more familiar attack vectors for malicious actors. To maintain resilience against both intentional and unintentional threats mobile operators must start thinking now about how to improve security measures across their 5GC systems. There is one more reason for it: new draconian legislation in Europe and in the UK. If things go wrong - the poor telco has to pay a fine of up to 2% of the global yearly revenue (I am referring to NIS 2, as you might rightfully guess). Indeed, this gives some food for thought. The stakes are high as operators have to deal with challenges that substantially exceed any risks faced in earlier cellular generations.

In my humble opinion, the only reasonable approach is to make security testing not optional but mandatory for all 5G network functions, configurations and software deployments. This should include regular penetration testing aiming to find weaknesses before attackers can at the device level, assembled subsystems and system levels. Similarly, paying more attention to stringent authentication, access controls and network segmentation now becomes imperative considering that 5G networks are much more distributed and complex.

While 5G's arrival will undoubtedly transform industries and economies, its security implications demand close attention and ongoing hardening efforts. Only by proactively identifying and remediating vulnerabilities we all can maximize the benefits of 5G and ensure that crucial infrastructures of tomorrow remain resilient against evolving threats. 

[The article is also published on LinkedIn]