How 5G Mobile Networks Will Change IoT Security

Depending on your location, you might have noticed a new 5G icon on your cell phone recently. The roll-out of the new 5G mobile network is largely a positive change for consumers and businesses. The fifth generation of cellular networks (hence 5G) purports to be one of the fastest wireless networks ever created.

This technology claims to provide more efficient interconnectivity, and faster data transfers between people, objects and devices. All good things, right? But what security risks does 5G represent for the modern age?

Some cybersecurity experts suggest that new vulnerabilities are versions of problems not entirely flushed out from 4G and even 3G networks. This article will attempt to explore some problems and opportunities that IoT security experts need to be aware of, and how savvy enterprises can be proactive about security in the age of 5G.

Riding the 5G Wave

A business’s potential is only as great as the technology they elect, as an organization, to adopt and use. One of the first benefits that 5G provides comes from the additional speed that the network provides. 4G posted average download speeds around 20Mbps. With a fully deployed and optimized 5G network, users should expect those download speeds to reach anywhere from 500 to 1,500Mbps. 

Raw speed is one thing, being able to harness this type of efficiency is another. A Barclays’ poll recently reported that only around 28% of businesses understand 5G or the practical business applications the network offers. 

Along with the challenges of leveraging the increased speed of the 5G network for business purposes, another important aspect of 5G education involves the security risks associated with faster technology. We suspect that if only 28% of businesses understand the practical applications of a 5G network, the awareness of potential security risks may be a similarly low figure.

Getting Up to Speed on G Security

While 5G touts a tighter grip on security, experts in the space will remind us that some of the concerning holes in the security of 4G, and even 3G, networks have been carried over into the rollout of 5G. Give credit where it’s due, the 5G security wins are associated with the encryption process which improves anti-tracking and spoofing features. This means that would-be criminals have a much harder time tracking and manipulating device connections.

5G is also more software and cloud-focused than previous versions, which allows for better monitoring so threats can be spotted and mitigated more quickly. 

While this is good for consumers, it’s not a perfect system by any means. “Stingray” devices can still be used to deploy fake base station attacks, which allow attackers to intercept mobile traffic and potentially manipulate data.

Downgrade Attacks

Purdue University and the University of Iowa outlined findings from design issues in the 5G protocol that exposed 11 vulnerabilities that may be exploited by bad actors. Five of these discovered vulnerabilities were carried over from 3G and 4G networks. Notably, a “downgrade attack” which essentially reverts the devices to use old mobile data networks. On top of potentially leading to higher wireless bills, this may allow attackers to track calls, texts or browsing habits on devices.

If a device is forced to operate in a limited-service mode, an article in WIRED explains how IMSI numbers may also become exposed because of a downgrade attack.

“One purported benefit of 5G is that it protects phone identifiers, like your device’s ‘international mobile subscriber identity,’ to help prevent tracking or targeted attacks,” stated WIRED. “But downgrade attacks like the ones the researchers found can bump your device down to 4G or put it into limited service mode, then force it to send its IMSI number unencrypted. Increasingly, networks use an alternative ID called a Temporary Mobile Subscriber Identity that refreshes periodically to stymie tracking.”

Tips to Avoid Security Pitfalls in the Age of 5G

In the age of the fastest speeds ever seen and nearly ubiquitous connectivity because of the rapid adoption of IoT devices, it’s becoming apparent that a zero trust model could help address security concerns with 5G and beyond. 

This may require additional education to be available for employees, but an increase in security best practices for endpoint users is something that will benefit an organization tremendously. Zero-trust security models continually check the user’s presence and behavior within a network regardless of whether the user is human or machine. 

It might seem like a great idea, but adopting the model isn’t a change to be taken lightly. A survey conducted by AT&T about 5G security indicated that just 33% of respondents reported they are currently using multi-factor authentication—the road to zero trust will take buy-in from executives and managers. 

Sharing the Burden of Security

The 5G rollout does provide built-in security features, but it should not be viewed as the Holy Grail. An organization will benefit from having a comprehensive security model, but that doesn’t mean they need to single-handedly oversee every aspect of that model. 

5G is a combined effort that involves network operators and enterprises, and shared responsibility is essential for long-term success. Managed service providers should be considered by companies that may be short-staffed, or don’t have the in-house resources to cover other important areas of security, such as ransomware protection.

Security within a business can’t exist in a silo, it’s a team sport—make sure you’re on the winning side.

— Marty Puranik