5G phones and other devices have already begun to appear in stores. And soon the super-fast 5G will become the new standard for cellular technologies. With a 5G connection you’ll be able to stream high-quality video and play online games on your mobile device more easily.
However, as with any new technology, 5G comes with certain security concerns. Here we’ll explain some of the security risks of 5G so you can be more informed when you purchase or use 5G devices.
1. Optional Security Features in 5G
Concerns about 5G have been around for some time. US Senator Ron Wyden even wrote to the chairman of the Federal Communications Commission (FCC) in November 2019 to discuss some of these worries.
A major issue Senator Wyden raised in his letter was that some cybersecurity protections against known vulnerabilities are optional in 5G (what is 5G?). This includes features like encryption and authentication.
As these are not mandatory, each individual wireless carrier must decide whether to turn on these protections themselves. We can hope that most carriers will choose to do so. However, carriers are not obligated to use these protections.
“For decades, wireless carriers have ignored known cybersecurity vulnerabilities that foreign governments were and are still actively exploiting to target Americans,” Wyden wrote. “The market has failed to incentivize cybersecurity, in part because consumers have no way of comparing the cybersecurity practices of phone companies.”
This is a worry not only for 5G users whose carrier doesn’t take security seriously. It can impact others too. For example, if user A’s carrier is not secure and they send and receive messages from user B, then both users’ data is vulnerable.
In his letter, Senator Wyden raises the issue of foreign governments using these vulnerabilities to target Americans. But users are at risk from spying from their own governments as well.
2. Risks to 5G Hardware and Infrastructure
A 2019 report by the US’s Cybersecurity and Infrastructure Security Agency (CISA) raises more concerns about 5G. It looked at the security risks currently present in 4G technology. The agency then considered how these risks could apply to 5G.
In particular, the report considers how hardware manufactured by untrustworthy company could compromise security. This is clearly a reference to Chinese companies like Huawei, which has been accused of spying on Americans.
“Even if US networks are secure, US data that travels overseas through untrusted telecommunication networks is potentially at risk of interception, manipulation, disruption, and destruction,” the report warns.
There is also the issue of the sheer number of components used in 5G, which is higher than previous wireless technologies. Much 5G support will require new physical architecture. That means carriers will need to build more cellular towers as well as more small cells or micro cells. The problem with this is that the more components present in a system, the more ways there are to attack it.
This is especially concerning when you think of the technologies which will be using 5G, such as autonomous cars, remote medical procedures, and Internet of Things devices. These are all vulnerable to cyberattacks and a successful attack could have very serious consequences.
3. A Vulnerability in 5G Authentication Protocol
As well as these more general threats, researchers have identified specific security issues in 5G. Researchers from SINTEF Digital Norway and the Technical University of Berlin described a vulnerability in the Authentication and Key Agreement (AKA) protocol that 5G uses in a 2019 paper.
The AKA protocol is what devices uses to communicate with the 5G network. A similar protocol is used in 3G and 4G networks too. The AKA protocol generates a one-time password so that devices and cellular networks can send data back and forth, and be sure that the data is not being interfered with.
The new, 5G version of the AKA protocol was designed to be more secure and to protect against a type of attack called a fake base station attack.
However, the new AKA protocol has introduced a weakness of its own. The researchers uncovered a logical vulnerability, which means a problem in the way the system operates as opposed to a weakness in any underlying code. The protocol is supposed to use randomized encryption to protect data. But the researchers were able to get around this. They created a new class of attack which they named an activity monitoring attack.
This means that hackers could steal steal information which is carried over 5G. The researchers have suggested a fix for the vulnerability, but the fix has yet to be adopted.
4. 5G Is Not Safe from IMSI Catchers
There’s also a way that governments can spy on users through 5G. Considerable attention has been focused on a security issue raised in 2018. The US Department of Homeland Security announced it had discovered electronic surveillance devices called International Mobile Subscriber Identity (IMSI) catchers in Washington, D.C.
IMSI catchers are devices which pretend to be cell towers, so devices like mobile phones connect to them. But when a device is connected, the owner of the IMSI catcher can intercept phone calls and messages. The FBI has been using similar technology called Stingray devices in order to track cell phone communications since the mid-1990s.
Despite public outcry about Stingray in the last five years, the FBI continues to use the technology. Law enforcement in Canada and the UK also use the devices.
5G was supposed to protect users against IMSI catchers. However, it appears that there are a number of ways attackers can get around the protections in 5G.
One way is using the vulnerability in the AKA protocol described above. Another is an attack called Torpedo. This takes advantage of a weakness in the paging protocol which notifies a phone to be ready when a call or message is about to arrive. Hackers could use Torpedo to spoof Amber alerts or to block incoming messages altogether.
If hackers deployed Torpedo, they could then follow this with a pair of followup attacks called Piercer and IMSI-Cracking. Together, these can access IMSI data on both 4G and 5G networks.
So 5G is not protected against IMSI catchers after all.
Security Issues in 5G
5G technology will bring faster internet speeds and enable new functions like streaming games on mobile devices. However, this new technology will carry some security risks with it as well. Before you jump into 5G, you should consider your devices’ security. And you should consider whether devices could be compromised by being connected to a 5G network.
To learn more about security for your connected devices, check out our list of best security and privacy apps for smartphones and tablets.
Image Credit: fotokitas/Depositphotos