DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Blogs » IT as Code » IT Security » How 5G Mobile Networks Will Change IoT Security

5G continuous delivery

How 5G Mobile Networks Will Change IoT Security

By: Marty Puranik on February 26, 2020 2 Comments

Depending on your location, you might have noticed a new 5G icon on your cell phone recently. The roll-out of the new 5G mobile network is largely a positive change for consumers and businesses. The fifth generation of cellular networks (hence 5G) purports to be one of the fastest wireless networks ever created.

Recent Posts By Marty Puranik
  • Does the Empire Strike Back When We Learn What Happens to the $10 Billion JEDI Contract?
More from Marty Puranik
Related Posts
  • How 5G Mobile Networks Will Change IoT Security
  • Accelerating IoT by Switching Gears to 5G
  • Developer Tooling for Emerging Technology
    Related Categories
  • Blogs
  • Infrastructure/Networking
  • IT as Code
  • IT Security
    Related Topics
  • 5G
  • 5G mobile
  • 5G network
  • IoT security
  • security
  • zero-trust
Show more
Show less

This technology claims to provide more efficient interconnectivity, and faster data transfers between people, objects and devices. All good things, right? But what security risks does 5G represent for the modern age?

DevOps Connect:DevSecOps @ RSAC 2022

Some cybersecurity experts suggest that new vulnerabilities are versions of problems not entirely flushed out from 4G and even 3G networks. This article will attempt to explore some problems and opportunities that IoT security experts need to be aware of, and how savvy enterprises can be proactive about security in the age of 5G.

Riding the 5G Wave

A business’s potential is only as great as the technology they elect, as an organization, to adopt and use. One of the first benefits that 5G provides comes from the additional speed that the network provides. 4G posted average download speeds around 20Mbps. With a fully deployed and optimized 5G network, users should expect those download speeds to reach anywhere from 500 to 1,500Mbps. 

Raw speed is one thing, being able to harness this type of efficiency is another. A Barclays’ poll recently reported that only around 28% of businesses understand 5G or the practical business applications the network offers. 

Along with the challenges of leveraging the increased speed of the 5G network for business purposes, another important aspect of 5G education involves the security risks associated with faster technology. We suspect that if only 28% of businesses understand the practical applications of a 5G network, the awareness of potential security risks may be a similarly low figure.

Getting Up to Speed on G Security

While 5G touts a tighter grip on security, experts in the space will remind us that some of the concerning holes in the security of 4G, and even 3G, networks have been carried over into the rollout of 5G. Give credit where it’s due, the 5G security wins are associated with the encryption process which improves anti-tracking and spoofing features. This means that would-be criminals have a much harder time tracking and manipulating device connections.

5G is also more software and cloud-focused than previous versions, which allows for better monitoring so threats can be spotted and mitigated more quickly. 

While this is good for consumers, it’s not a perfect system by any means. “Stingray” devices can still be used to deploy fake base station attacks, which allow attackers to intercept mobile traffic and potentially manipulate data.

Downgrade Attacks

Purdue University and the University of Iowa outlined findings from design issues in the 5G protocol that exposed 11 vulnerabilities that may be exploited by bad actors. Five of these discovered vulnerabilities were carried over from 3G and 4G networks. Notably, a “downgrade attack” which essentially reverts the devices to use old mobile data networks. On top of potentially leading to higher wireless bills, this may allow attackers to track calls, texts or browsing habits on devices.

If a device is forced to operate in a limited-service mode, an article in WIRED explains how IMSI numbers may also become exposed because of a downgrade attack.

“One purported benefit of 5G is that it protects phone identifiers, like your device’s ‘international mobile subscriber identity,’ to help prevent tracking or targeted attacks,” stated WIRED. “But downgrade attacks like the ones the researchers found can bump your device down to 4G or put it into limited service mode, then force it to send its IMSI number unencrypted. Increasingly, networks use an alternative ID called a Temporary Mobile Subscriber Identity that refreshes periodically to stymie tracking.”

Tips to Avoid Security Pitfalls in the Age of 5G

In the age of the fastest speeds ever seen and nearly ubiquitous connectivity because of the rapid adoption of IoT devices, it’s becoming apparent that a zero trust model could help address security concerns with 5G and beyond. 

This may require additional education to be available for employees, but an increase in security best practices for endpoint users is something that will benefit an organization tremendously. Zero-trust security models continually check the user’s presence and behavior within a network regardless of whether the user is human or machine. 

It might seem like a great idea, but adopting the model isn’t a change to be taken lightly. A survey conducted by AT&T about 5G security indicated that just 33% of respondents reported they are currently using multi-factor authentication—the road to zero trust will take buy-in from executives and managers. 

Sharing the Burden of Security

The 5G rollout does provide built-in security features, but it should not be viewed as the Holy Grail. An organization will benefit from having a comprehensive security model, but that doesn’t mean they need to single-handedly oversee every aspect of that model. 

5G is a combined effort that involves network operators and enterprises, and shared responsibility is essential for long-term success. Managed service providers should be considered by companies that may be short-staffed, or don’t have the in-house resources to cover other important areas of security, such as ransomware protection.

Security within a business can’t exist in a silo, it’s a team sport—make sure you’re on the winning side.

— Marty Puranik

Filed Under: Blogs, Infrastructure/Networking, IT as Code, IT Security Tagged With: 5G, 5G mobile, 5G network, IoT security, security, zero-trust

Sponsored Content
Featured eBook
The State of Open Source Vulnerabilities 2020

The State of Open Source Vulnerabilities 2020

Open source components have become an integral part of today’s software applications — it’s impossible to keep up with the hectic pace of release cycles without them. As open source usage continues to grow, so does the number of eyes focused on open source security research, resulting in a record-breaking ... Read More
« The Entrepreneurial Spirit
DevOps Chats: Kubernetes is the New Compute, with Rancher Labs’ Sheng Liang »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Continuous Deployment
Monday, July 11, 2022 - 1:00 pm EDT
Using External Tables to Store and Query Data on MinIO With SQL Server 2022
Tuesday, July 12, 2022 - 11:00 am EDT
Goldilocks and the 3 Levels of Cardinality: Getting it Just Right
Tuesday, July 12, 2022 - 1:00 pm EDT

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.