Don’t Freak Out, But We Need to Talk About Security and Wireless

It has been said that ‘you can’t have a picnic without a few ants.’ Well, the same can be said for wireless technologies like 4G and now 5G. Users of 4G/5G services get the advantage of superior, uninterrupted connectivity, and the ultimate flexibility for communication and mobile internet. The adoption of 5G will bring even more benefits like reduced latency, energy savings, cost reductions, and higher data capacity. The downside is that mobile wireless services also present security challenges at the hardware and network level. As carriers continue to deploy extensive 4G/5G wireless networks, IT leaders need to be aware of vulnerabilities and security concerns associated with each. This is particularly a concern as 4G/5G is becoming the infrastructure of choice for the Internet of Things (IoT) and business communication applications.

Think about how security issues could play out in a ‘smart city’ IoT application. Potential risks in 5G networks could pose a threat to smart traffic lights and street lighting, or electronic road signs – causing potentially dangerous situations. A recent study by Positive Technologies highlights flaws found in wireless’s GTP protocol (General Tunneling Protocol). With no built-in encryption included in GTP, security and authentication are left to be managed elsewhere in the applications. The report goes on to explain that exploiting these issues doesn’t require super hacker skills either. Instead, it only takes a laptop, a free software installer for ‘testing,’ and basic programming skills. (Source: Positive Technologies).

Don’t forget about AKA

Another issue is that 5G security is built around AKA (Authentication and Key Agreement). This authentication protocol is supposed to address the issue of devices using fake base stations known as IMSI catchers (International Mobile Subscriber Identity-catcher) also sometimes called ‘StingRays.’ However, there are some holes. (Source: Naked Security). Why is this a problem you might ask? By luring a smartphone to connect to a fake base, the protocol permits traceability attacks. Attackers can potentially identify the device’s owner and track their physical location. Although this scenario is harder with 5G, setting up fake base stations is still possible – however, the subscriber’s identity would be hidden using public key encryption managed by the mobile network.

How can security risks affect real users

Even if your business isn’t building a smart city, designing self-driving cars, or launching an enterprise-wide IoT project, organizations should still take notice. Not addressing security holes could lead to data breaches giving bad actors access to your network, Denial of Service (DoS), or a complete takeover. Ordinary mobile users are also vulnerable – would-be attackers can spy on mobile subscribers or potentially intercept internet traffic. If that’s not scary enough, these types of threats could allow for attacks on autonomous vehicles, medical identity, and more.  The good news is that understanding wireless security issues more clearly can help organizations take the proper precautions around their adoption and dependence on mobile wireless networks.

  • 5G offers some security enhancements – Experts tell us setting ISMI StingRays for 5G devices requires a lot more time and sophisticated hacking skills, compared to 4G. This fact buys defenders much needed time to close critical security gaps.
  • Firewalls, intrusion detection systems, and advanced malware – Minimizing security risks are all about reducing issues that account for most security incidents. These tools can help block primary 5G security threats. Malware that goes going beyond signature-based tools can better identify attacks designed to evade basic filters.
  • Network switches and routers should leverage big data and machine learning – For multi-stage threats that avoid basis filters, big data and machine learning tools embedded into network switches and routers can offer advanced protection. Most believe these add-on technologies are ideal because they turn the devices into 5G security sensors.

Security is one of the fastest growing concerns when it comes to the enterprise network. If you want help better understanding security challenges your customers may be facing with 4G/5G connectivity, talk to Broad Sky Networks! We can show you the best practices and steps for keeping data secure at the network’s edge and in transit. We can help! Visit our video library to learn more!