5G is anticipated to be one of the biggest technologies to be implemented in 2021. It is hyped to revolutionise our lives both personally and professionally with unparalleled speed and widespread connectivity. However, there have also been some evidential flaws in the current implementation of 5G technologies.
According to new research, 5G technology in some cases has been allowing criminals to steal data and even cut off complete access to the internet.
Positive Technologies, has published a 5G standalone core security assessment, in which vulnerabilities were revealed for both subscribers and mobile network operators under standalone 5G network cores. Due to these vulnerabilities in certain protocols, there is the risk of theft from subscriber profile data, impersonation attacks and faking subscriber authentication.
Although expected to be the next big thing, the reality is that 5G technology is hamstrung by its reliance on existing 4G network cores.
Those who have made the move to 5G currently are still running on non-standalone 5G networks, which are based on the previous-generation 4G LTE infrastructure. This means that 5G connectivity is still at the mercy of the predecessor's long-standing vulnerabilities reported earlier this year by Positive Technologies.
Operators are gradually making their way to a standalone infrastructure, but this too has its security considerations. Global tech giant Gartner has said that it is expected 5G investment to exceed LTE/4G in 2022 and comms providers will slowly move to a stand-alone 5G infrastructure, however, it is important to be aware of the risks and vulnerabilities involved in this process.
For example, the protocol that is used to make a subscriber connect has the potential to fall victim to a Denial Of Service attack (DDoS), which will cut off the users internet connection and redirect the traffic to the attacker. Therefore allowing the attacker to download the data of a subscriber.
Another protocol responsible for the vital network functions (NFs) can also be breached and contains several vulnerabilities. If used, the hacker can gain direct access to the network profile and impersonate any network service using details such as authentication status, current location, and other personal data. The hacker can also delete NF profiles causing potential financial loss and damaging subscriber trust.
Dmitry Kurbatov, CTO at Positive Technologies, said in an interview that these network security issues can be further damaging when we consider the Internet of Things (IoT) devices, and mass connected cities, which has the potential to put critical infrastructure such as hospitals, transport and utilities in jeopardy.