As 5G rolls out in select cities, the hype train for the technology has picked up steam. Everyone is claiming it’s going to disrupt this and transform that. It’s true 5G offers exciting speeds and new possibilities. It also has security vulnerabilities that need to be addressed before we all hop aboard.
What is 5G?
5G refers to the fifth-generation of wireless cellular networks. It promises incredible speeds that rival some of the fastest residential internet solutions.
The new 5G New Radio interface is used, which operates on a completely new signal spectrum compared to previous generations of cellular networks. It utilizes two sets of high-frequency bands, FR1 (410MHz-7.125GHz) and FR2 (24.25GHz-52.6GHz)[1]. FR1 includes the typical LTE frequency ranges and will carry the bulk of the communications traffic. The ultrawide FR2 is also known as the millimeter wave (mmWave) spectrum and is the band capable of the highest performance.
The downside of using millimeter-wave frequencies is the signal has a much shorter range. This means that more cellular towers need to be present to have the same area of coverage as a 4G network. This is why a 5G rollout is a time-consuming process. More infrastructure has to be built throughout the country to see the full benefits of high-band 5G.
The new towers are fitted with Massive MIMO (Multiple Input Multiple Output) technology. This allows for signals to be concentrated into “beams” and directed precisely at the connected devices. The result is improved speed, capacity, and coverage with decreased signal waste.
Compared to 4G networks
Being more modern, 5G provides a host of improvements compared to existing 4G networks. This includes up to 100x faster download speeds, reduced latency and higher bandwidth[2].
Increased bandwidth isn’t only useful for download performance. It also means more devices can be connected to the network without congestion. So those in population-dense areas can still catch up on their favorite Netflix shows while riding the subway home at rush hour.
Strengths become weak points
No new technology is perfect. Paradoxically, some of the 5G network’s biggest strengths introduce security weaknesses.
For instance, the increased number of devices supported by 5G has the potential to transform the IoT industry. IoT, or the Internet of Things, is a term that refers to the vast number of small physical devices now connected to the internet. Devices in a “smart home” are examples of IoT. Things such as the thermostat and lighting system are connected to your phone via the internet and controlled with a dedicated app. You can then program automatic functions or send instructions to these devices.
Widespread 5G coverage opens up possibilities for IoT that aren’t achievable by relying on home or business networks. Soon, cars could be outfitted with sensors connected to 5G networks that alert emergency contacts immediately in the event of an accident.
Unfortunately, billions of newly-connected devices mean billions of potential security vulnerabilities. This exponential increase in the surface area for malicious attacks is sure to attract the attention of hackers.
This is especially concerning as more critical infrastructure is connected. Smart cities have long been a desired goal for technologically advanced societies. In theory, it would be great for power plants with thousands of connected sensors to adjust electricity output based on dynamic changes in demand. It could reduce energy waste and increase environmental sustainability. But, what if
It may seem like hyperbole, but it’s not out of the realm of possibility. At a smaller scale, similar ransomware schemes happen today frequently to large and small businesses alike. Raising the stakes (and potential rewards to malicious agents) could have disastrous consequences.
As a result of its decentralized nature, 5G networks make use of high levels of virtualization where former networks required physical hardware. This makes hardware maintenance more straightforward and less prone to failure but increases the potential for software exploits. The amount of traffic routing points in these systems has increased significantly.
In particular, software-based routing tools are used and high-level network functions once performed by physical equipment now rely on digital solutions. Additionally, the networks themselves could be managed moment-to-moment by new Artificial Intelligence (AI) programs that assuredly have unknown security weaknesses.
So, not only is the attack surface area increased by a growing number of connected devices, but also by the amount of software required for the connection.
Another strength that turned to weakness is the amount of bandwidth passing through the network. 5G allows for much more bandwidth, but that also makes monitoring it more difficult. Without advanced AI tools proven to be secure, it may be impossible to monitor the immense traffic in real-time for threat identification.
Legacy network concerns
5G networks are being deployed slowly due to the infrastructure investment needed. The highest speed 5G is only on the Verizon network in 35 U.S. cities. Even then, only certain regions of the cities are covered. This means that 4G and 3G spectrums are still necessary for nearly all customers. This requires 5G devices to switch between spectrums as necessary. The process of switching uses the GPRS Tunneling Protocol (GTP) to move data packets seamlessly between the various networks. This protocol has been around since 2G moved to 3G and has known security issues.
This is not the only way legacy technologies can be used to exploit new 5G devices. Researches at Purdue University and the University of Iowa demonstrated other possibilities in February of 2019[3]. Using “torpedo” attacks, they were able to intercept calls and text messages. This technique could also be used to track a user’s location and obtain identification data such as phone numbers or social media account info.
Supply chain issues
The final security weakness commonly cited regarding 5G technology relates to the supply chains of the components. Due to the globalization of manufacturing around the world, some nations are concerned that hardware made in other countries could have secret backdoor exploits installed from the onset.
These fears are not altogether unfounded. Recently, the United States revealed that Chinese electronics manufacturer, Huawei, had access to backdoors in 4G base stations and other carrier equipment[4]. While it may be difficult to separate the truth from political theater, these are issues of national security and should be taken seriously.
The path to increased security
Hopefully, now you see the need to beef up security for 5G networks. If it is to live up to its potential as a transformative technology, rigorous safety procedures need to be implemented.
There are many ways we can head down this path, and it starts with promoting corporate responsibility. Organizations are compelled by market forces above all and are therefore less incentivized to pursue actions without clear growth outcomes. Historically, this has led to underinvestment in cybersecurity policies. This needs to change.
One way to nudge corporations to revamp their cultures in this way is for regulatory agencies to provide more incentives and fewer punishments. Criminally-negligent companies should still be punished, but in general, incentivizing good behavior is a better way to go. This could take the form of monetary benefits such as tax breaks or regulatory advantages afforded to organizations that prioritize cybersecurity.
If an overarching framework based on cooperation is too large of a task, there are more granular approaches. Companies should increase investment in cutting-edge network monitoring tools that integrate AI and machine learning. These technologies can learn from the mammoth amount of information generated and predict where malicious attacks occur. This makes network management more -ahem- manageable.
Great care should be taken to ensure these programs are secure so they don’t do more harm than good, though. Any new AI solution will need to be thoroughly tested to ensure no obvious exploits exist. We recommend enlisting the help of some white hat (ethical) hackers to see just how secure the program is before its full implementation.
Businesses should also focus on developing robust cybersecurity metrics. These metrics help identify weak points, along with leading indicators of problem areas. Without them, firms are forced to rely on lagging indicators of a breach that don’t do much good during a crisis. Knowing exactly how you got hacked after a major incident is much less valuable than catching an infiltration before it has a chance to do significant damage.
Our final suggestion is to only purchase network hardware from thoroughly vetted suppliers. Cheap gear may seem like a great idea at the time, but if it ends with an exploitable backdoor that compromises client information, was it worth it? No. The answer is always no.
Securing data at rest and in motion
As technology continues to advance, privacy and security are at a premium. Axel is dedicated to providing the most secure and private data sharing tools to users worldwide. Our filesharing platform, Axel Go, employs powerful blockchain encryption and decentralized IPFS technology to ensure your files are secure and accessible at all times. Download it today and receive 2GB of free storage.
[1] “5G Frequency Band, Channels for FR1 & FR2”, Electronics Notes, https://www.electronics-notes.com/articles/connectivity/5g-mobile-wireless-cellular/frequency-bands-channels-fr1-fr2.php
[2] Clare Duffy, “The big differences between 4G and 5G”, CNN, Jan. 17 2020, https://www.cnn.com/2020/01/17/tech/5g-technical-explainer/index.html
[3] Kayla Zacharias, “Flaws in 4G, 5G networks could let hackers intercept calls, track location”, Purdue University, Feb. 27, 2019, https://www.purdue.edu/newsroom/releases/2019/Q1/flaws-in-4g,-5g-networks-could-let-hackers-intercept-calls,-track-location.html
[4] Corinne Reichert, “US finds Huawei has backdoor access to mobile networks globally, report says” CNET, Feb. 12, 2020, https://www.cnet.com/news/us-finds-huawei-has-backdoor-access-to-mobile-networks-globally-report-says/