Security concerns have always been intense regarding 5G due to massive interconnectivity of Internet of Things (IoT) devices. But now those concerns are heightened after researchers at Purdue University discovered 11 significant vulnerabilities in 5G’s next generation cellular network.
These threats essentially allow real time location tracking and surveillance as well as the ability to spoof emergency alerts to trigger panic.
This research is particularly disturbing because some of these vulnerabilities were supposed to be fixed in 5G. For example, the researchers discovered that the “stingray” surveillance vulnerability is alive and well.
Also called “IMSI catchers” after the international mobile subscriber identity number attached to every cellphone, stingrays masquerade as legitimate cell towers. Once they trick a device into connecting to it, a stingray uses the IMSI or other identifiers to track the device, and even listen in on phone calls.
When a device “registers” with a new cell tower to get connectivity, it transmits certain identifying data about itself. As with the current 4G standard, 5G doesn’t encrypt that data. As a result, the researchers found that they could collect this information with a stingray, and potentially use it to identify and track devices in a given area.
The researchers found that they could use that unencrypted data to determine things like which devices are smartphones, tablets, cars, vending machines, sensors and so on. They can identify a device’s manufacturer, the hardware components inside it, its specific model and operating system, and even what specific operating system version an iOS device is running.
That information could allow attackers to identify and locate devices, particularly in a situation where they already have a target in mind, or are looking for a less common model.
Researchers also discovered that the same exposure that leaks details about a device also creates the opportunity for a man-in-the-middle, like a stingray, to manipulate that data.
Cybersecurity experts still believe that most 4G vulnerabilities are closed off in the 5G security architecture. However, the structure of 5G is different from 4G, because it relies on distributed network architecture and more widely used IT protocols, which itself creates new issues.
Apparently the security concerns with 5G are global. Countries such as Switzerland have slowed or stopped the 5G rollout until they better understand the security impact around critical infrastructure.
Want to know more about 5G Wireless Security? Tonex offers 5G Security Training, a 4-day class that gives participants a strong and intuitive understanding of what security in the wireless systems is and how the security functions are implemented in the 5G, 5G NR, 802.11ax, mmWave/802.11ay radio and core network.
Additionally, Tonex offers 20 more cutting edge 5G Wireless courses with titles like:
D2D Communications Training (2 days)
LTE Advanced Pro Training (3 days)
5G Wi-Fi Offload Training (2 Days)
Mobile Broadband Transformation Training Bootcamp (4 days)
For more information, questions, comments, contact us.