A lot of excitement and anticipation surround the development and deployment of 5G. This entirely new type of wireless network, more than just being a faster version of 4G, has the potential to enable advancements in many fields, including transportation, aviation, and the wide range of home and work devices comprising the Internet of Things (IoT).
Speedy implementation may be one top goal, but security is just as important. Developers and telecom companies must implement upfront security measures if 5G is to realize its full technological promise. With full 5G implementation still in a somewhat distant future, quality assurance companies like BairesDev can help to prioritize proactive security.
Improvements Over 4G
Compared to 4G networks, 5G does improve on certain security defenses. Since more data is strongly encrypted with 5G, a lower percentage is vulnerable to interception. New anti-tracking and anti-spoofing features make it harder for hackers to manipulate connected devices on a 5G network. And since 5G is software-based, as opposed to hardware-based like older networks, there are new opportunities to identify threats.
5G permits network slicing, which segments the system into several different virtual networks. Operators can manage those slices separately, assigning different protections tailored to the device types using each one. 5G offers more secure identity management options, so operators can choose identifier formats, credentials, and methods for authenticating individual users and IoT devices.
Conversely, 4G networks have only two “currencies”: speed (how fast you can upload and download) and throughput (how much volume the network can handle). Verizon has defined eight currencies for its 5G network: peak data rate, mobile data volume, mobility, connected devices, energy efficiency, service deployment, reliability, and latency. These additional currencies can enable new cybersecurity measures:
- Mobility. Staying connected while traveling at fast speeds can allow a security system that travels from place to place to use cloud technology, rather than remaining fixed in one network location.
- Mobile data volume. Accommodating huge amounts of data can enable AI-powered security systems to better spot anomalies in user behavior for threat detection and mitigation.
IoT Devices Are Less Secure
Still, the number of IoT devices is growing faster than the global population, potentially reaching 25 billion devices by 2021. The fact that huge numbers of connected devices will be on 5G networks increases security challenges by providing more targets for hackers to exploit. IoT is also expanding into sensitive areas like public safety, military, transportation and medical, increasing potential opportunities for cyberattacks on critical systems.
IoT devices are notoriously insecure, meaning smart home and smart work environments are at risk. Hackers tend to target new technologies, like IoT devices, because they’re often more vulnerable than established ones that have longer track records of identifying and defending against threats.
The primary weak link for IoT is the communication between connected devices, each of which may have a different security level. All it takes is one weak element, like a thermostat left on default password settings, to allow hackers to access an entire network. Botnets can even exploit these weaknesses to take control of devices and use them as cyber weapons.
More of the Same
The same types of cyberattacks already taking place are likely to be replicated with 5G on a larger scale but with greater potential impacts. While a 4G network botnet attack might allow the takedown of websites, a 5G attack could hijack a network of self-driving cars causing chaos on roads and highways.
5G’s vastly increased speeds mean a cyberattack can access and download data at a much faster rate. And, since 5G handles a much larger volume of data, it could be more difficult to spot anomalies in user behavior, allowing hackers to “hide.” Attacks likely to continue happening with 5G include:
- Fake base station attacks. Devices called stingrays masquerade as cell towers and trick user devices into connecting to them.
- Downgrade attacks. Hackers manipulate target devices to downgrade to 3G or 4G networks where they can more easily carry out attacks.
Standards and Practices on the Way
Government agencies, telecommunications companies, and trade groups are working to create 5G security standards and best practices. These efforts can facilitate proactive investments to address cybersecurity up front during the design phase rather than after deployment. For example:
- The GSM Association mobile trade group has a 5G Security Taskforce that brings together mobile operators and vendors to coordinate proactive responses to key security issues.
- The National Institute for Standards and Technology, part of the U.S. Department of Commerce, is collaborating with industry participants to develop a Cybersecurity Practice Guide to provide standards and recommended practices for secure 5G networks.
- The Council to Secure the Digital Economy, a partnership between businesses and trade groups, has produced an International Botnet and IoT Security Guide to provide strategies to protect against cyberattacks.
- Verizon’s Built on 5G Challenge offers a $1 million prize for a unique cybersecurity idea that builds on the eight currencies of 5G.
5G technology is coming, with its many benefits and exciting new possibilities. Cybersecurity remains essential, however, and should be a priority in the development and deployment of 5G networks and the devices that use them.