New research on 5G network architecture has revealed a critical security vulnerability that could allow attackers to crash the network, steal data such as user location, or even hijack critical network functions.
The flaw lies not in the 5G protocol itself, but in the way the 5G architecture distributes different functions to different network "slices" and how those slices interact with the older 4G network. [According to a new report from Dublin-based AdaptiveMobile Security, "We have identified in the slicing model how information can be compromised, how services can be misused, how denial-of-service against network elements We outlined several ways in which an attack could be executed.
This flaw leaves 5G vulnerable to denial of service (DoS) attacks and data access exploits between numerous network slices performed on any 5G network, exposing sensitive customer information to cybercrime.
To maximize speed, timeliness, and efficient use of bandwidth, the core 5G mobile network can be divided into "slices," which are separate virtual network blocks with different characteristics.
Mobile operators can provide core 5G separately to different industries by effectively slicing resources. [For example, a slice dedicated to video streaming could prioritize bandwidth over timeliness and speed, a slice dedicated to automotive functions could prioritize timeliness over bandwidth and speed, and a slice dedicated to gaming could prioritize all three.
However, while 5G slicing is theoretically secure, all of these different slices must communicate securely with each other. This is complicated by the fact that many of these slices will use some 4G technology during the transition to 5G, which is expected to last several years.
Network slicing is likely to expand rapidly in the coming years, driving 5G growth by enabling the formation of private wireless networks, and according to an ABI Research study, 5G network slicing is expected to generate up to $20 billion by 2026 revenue, according to the study.
Unfortunately, where there is opportunity, con artists are not far behind; AdaptiveMobile last month (Feb. 4) conducted a study on the threat of 5G network slicing and shared its findings with the GSM Association (GSMA).
AdaptiveMobile believes that even though the threat to 5G remains low at this time due to the rarity of mobile operators with multiple live network slices on their networks, if left unchecked, this issue could develop into a significant security risk and could lead to 5G could undermine mobile operators' efforts to develop new revenue streams and grow with the inevitable surge in 5G over the next few years, warns the report.
The new study highlights the vulnerability of 5G core networks, which boast both dedicated and shared capabilities.
The analysis argues that such "hybrid" characteristics, which support multiple network slices, can spur a disconnect between application layer and transport layer identities. The result is a mapping failure, leaving opportunities for cyber attackers to launch DoS attacks or steal data.
In an official white paper, AdaptiveMobile Security rigorously tested whether existing 5G-standard security measures could thwart the attack and identified three attack vectors based on the flaw. The answer is "no," and the attack scenarios identified cannot be prevented with current technology.
The targeted attacks exploit edge network functions connected to the cellular operator's infrastructure, allowing attackers to exploit weaknesses in the mapping to gain access to the operator's core network and various enterprise network slices. By exploiting weaknesses in the mapping, attackers can gain access to the carrier's core network as well as various enterprise network slices.
Silke Holtmanns, Head of 5G Security Research at AdaptiveMobile Security, clarified the scale of the problem, explaining: "Currently, the impact of this network slicing attack on real-world applications , limited only by the number of slices operating in 5G networks worldwide."
However, as the best 5G phones become cheaper, the threat will increase.
"But the cheaper the 5G phones become, the greater the threat.
Holtmann's recognizes this and adds: "We are pleased to be working with mobile network operators and the standards community to identify these vulnerabilities and promote best practices going forward.
While the tone of these innovative 5G technologies is rather somber, new technologies bring new opportunities to the industry, and with them, new avenues for fraudsters to steal your sensitive data and skim off the benefits of these innovative network features before they truly take hold It is a reminder that this opens the door.
Details Rogue apps fleecing iOS and Android users out of millions of dollars - what to do
.
Comments