DEV Community

Cover image for Security Risks of 5G Networks
SureShot Software
SureShot Software

Posted on

Security Risks of 5G Networks

The talk of the town, the next big thing, a revolutionary breakthrough – the 5G technology lives up to all of these clichés. It captures the imagination with potential use cases capitalizing on the impressively high speed, low latency, and mind-blowing network capacity.

The state of 5G deployment currently ranges from large-scale field testing to commercial roll-outs in small portions around the world. Next-generation connectivity is already available in dozens of cities in the United States, Europe, and East Asia. Moreover, these advanced telco systems are expected to become the backbone of digital economies in the near future.

Just like any new technology, 5G networks can be low-hanging fruit for threat actors who seek to expand their malicious reach. Therefore, it’s in governments’ best interest to assess and tackle the entirety of potential security issues prior to the ubiquitous implementation of the tech.

These concerns have recently incited some expert discussions in the European Union. In October, EU member states released a report on “coordinated risk assessment of 5G networks security”. It came in response to a recommendation issued by the European Commission, the executive branch of the EU, in March 2019. Here are the key takeaways from the officials’ findings.

Supplier monopoly deemed as a major risk

The report emphasizes the possible pitfalls of using a single supplier of 5G equipment, namely the Chinese technology giant Huawei. Interestingly, the document contains no direct references to the company in question, although the collaboration is officially underway. Network infrastructure with the solo contractor at its core is susceptible to a number of issues, including a shortage of telecommunications gear, dependencies on the supplier’s commercial well-being, and primitive malware attacks.

In light of this paradigm, the researchers claim network operators will have to rely too heavily on the contractor that may undergo commercial pressure and therefore fail to carry through with its obligations. The adverse influence may stem from economic sanctions affecting the supplier, as well as from a merger or acquisition scenario. Consequently, such cooperation has a single point of failure (SPOF) that might undermine the successful adoption of the technology and stability of the network down the road.

An extra factor is a strong link between the supplier and the government of the country it is based in. It means there is a chance of state-level interference with the equipment provider’s activities. Furthermore, a lack of democratic checks and balances and the absence of data protection agreements between the European Union and said country are serious roadblocks endangering the future partnership.

According to the officials, one more facet of the peril comes down to a tightening connection between the EU’s telco networks and third-party software systems. The elevated scope of access the supplier will have to the region’s 5G infrastructure and the transferred data is a lure for cybercriminals who may take significant efforts to exploit these systems.

Additional security challenges – the big picture

Aside from the obvious caveats arising from the increased role of hardware and software suppliers, the joint report provides a lowdown on other possible security effects of 5G networks deployment across the European Union. A summary of these challenges is as follows.

  • More entry points for attackers

The architecture of 5th generation wireless networks is largely based on software. This hallmark makes them particularly vulnerable to security imperfections resulting from vendors’ inappropriate software development processes. Critical flaws may allow malefactors to inject backdoors into the applications and thereby maintain long-lasting surreptitious access to different layers of the targeted 5G infrastructure.

  • 5G network slicing issue

Given that 5G will enable numerous services and applications operating within different virtualized environments, such as enterprise and government networks, the importance of securing these logically segregated ecosystems is going to grow. Unless reliably isolated and protected, these network segments (dubbed “slices”) can be exposed to data leaks.

  • Scarce software update management

Different operational maintenance procedures come to the fore in 5G networks. This aspect is extremely relevant when it comes to software updates. Regular system patches are crucial for reducing the risk of malicious exploitation via security loopholes in applications. Software suppliers will need to focus on identifying new vulnerabilities and releasing appropriate fixes as fast as possible.

  • Compliance with the standards

There is a lack of clear-cut security regulations for mobile wireless communications based on 5G at this point. The current 3GPP (3rd Generation Partnership Project) standards mainly apply to earlier mobile telephony protocols and don’t fully address the emerging challenges. The new security requirements have yet to be researched, formulated, and adopted at the state level.

  • The talent gap

The advances of 5G networks and their mainstream use in the future will incentivize criminals to add more sophisticated attack vectors to their repertoire. The security industry should be prepared for increasingly complex TTPs (Tactics, Techniques, and Procedures) of the adversaries. Therefore, it’s critical to fill the void in terms of security personnel with sufficient skills and knowledge of 5G architecture and its potential weak links.

What does Huawei have to say?

Although the name of this Chinese telecommunications equipment company wasn’t mentioned in the EU risk assessment report, the references to the “single supplier” in the document are quite verbose and can be interpreted unambiguously.

On a side note, the company has a controversial track record in the United States and Australia. The latter country banned Huawei from providing 5G equipment altogether. The U.S. legislators introduced a bill in early 2018 to prohibit the federal government and its agencies from purchasing and using Huawei’s telco gear. In both cases, the vendor has been accused of spying for the Chinese government.

In response to European officials’ concerns, Huawei issued a press release on the same day. According to this statement, the company welcomes the EU’s “commitment to take an evidence-based approach, thoroughly analyzing risks rather than targeting specific countries or actors.” The Chinese supplier of 5G equipment additionally emphasized that they are a “100% private company wholly owned by its employees”, thus probably implying that there is no interference of the country’s government with their internal business processes.

These claims are certainly reassuring. Hopefully, they are backed by benign intensions and anticipation of a long-term strategic partnership without any form of abuse behind the scenes. One way or another, 5G is here to stay. It introduces a bevy of benefits while being an unexplored territory that will make experts rethink the security paradigm.

Top comments (0)