By: Juniman Kasman
5G has long been touted as being inherently more secure than its cellular predecessors—and it is. But that doesn't mean it’s impregnable. The fact that 5G networks are much more software-based than previous cellular networks creates strengths and weaknesses. On one hand, their software basis makes 5G networks highly customizable and enhances speed, capacity, and responsiveness. On the other hand, the software that enables 5G technology makes it vulnerable in a number of worrisome ways. And this is where the real challenges and threats of 5G security come into play.
Hackers are well aware of and eagerly exploiting these vulnerabilities as 5G networks continue to roll out, and communications service providers (CSPs) are in the crosshairs. The Nexusguard Annual Threat Report 2020 showed that CSPs—especially Internet service providers (ISPs)—were among the prime targets of hackers last year, suffering more attacks than other sectors. Not only have threats increased, but they have also become increasingly complex and sophisticated.
In a world where we’re living, working, learning and more online, 5G security is essential. Here is a look at the risks facing CSPs and the measures they can take to safeguard their networks and their customers.
Some of the security risks stem from the nature of 5G technology. While 4G and earlier networks rely on a finite number of hardware points of contact to route traffic, 5G networks use countless dynamic software-based routing points that are challenging to monitor and secure. In addition, many 5G apps run in software or in the cloud, which makes the apps, as well as customer data, easy prey.
The proliferation of endpoints is another major vulnerability of 5G networks. The Internet of Things (IoT) is spawning billions of smart, Internet-connected devices—like car infotainment systems, smartwatches, thermostats, speakers, baby monitors, and even refrigerators, to name just a few. Many more such devices are in development or are hitting the market as the IoT rushes to capitalize on the speed and capacity of 5G. The problem is that many fledgling IoT devices, especially low-end ones, often lack any meaningful security features. They’re the proverbial weak link, offering vectors into the network that hackers can easily exploit to launch attacks on CSP customers.
Compounding the problem is the fact that device manufacturers aren’t the only ones that neglect security. Many CSPs don’t invest enough in security-apps-related services. According to data from the Global System for Mobile Communications Association (GSMA), 48 percent of mobile network operators report that they lack the knowledge and tools to mitigate 5G network vulnerabilities. Lack of knowledge, device vulnerabilities, and increasingly complex attacks are driving a complex 5G security environment.
Cybercriminals are using various types of attacks against CSPs, including distributed denial of service (DDoS) attacks. In some cases, DDoS attacks aimed at a CSP’s customers can bring down the whole network. Other complex attacks are on the rise, including sophisticated bit-and-piece (carpet bombing) attacks, which drip-feed junk traffic across a large IP pool to paralyze the target, and other UDP-based attacks that can flood target networks with traffic. These attacks can evade the threshold-based and host-based detection and mitigation countermeasures that are widely applied to a CSP’s network. Other threats include small-sized, short attacks known as “invisible killers,” and extortion and ransom DDoS (RDDoS) attacks that take advantage of the surge in anonymous crypto payments. One of the most concerning issues is the growing threat