You’ve probably been hearing the hype about lightning-fast 5G for years now. And while the new wireless networks still aren’t ubiquitous in the United States, 5G is slowly cropping up in cities from Boston and Seattle to Dallas and Kansas City. With the faster connection speeds will come increased security and privacy protections for users, as the wireless industry attempts to improve on the defenses of 3G and 4G. But while 5G researchers say that the new network will bring major improvements, it still has some shortcomings of its own.
There are a few major security wins in 5G. Many relate to anti-tracking and spoofing features that make it harder for bad actors on a network to track and manipulate individual device connections. To do this, 5G encrypts more data, so less is flying around in the clear for anyone to intercept. 5G is also a much more software and cloud-based system than previous wireless networks, which will allow for better monitoring to spot potential threats. It will also enable operators to do what’s called “network slicing”—segmenting the system in numerous virtual networks that can be managed and customized separately. This means that different “slices” could have different tailored protections for specifics types of devices.
“5G has really good promise for security,” says Ravishankar Borgaonkar, a research scientist at the Norwegian tech analysis firm SINTEF Digital. “Encrypting identifiers is a really good thing, and network slicing is a network paradigm shift. But there are still other ways that users can be tracked and there are questions about how to guarantee the trustworthiness of the [5G] software. So there’s always room for improvement.”
Over the last year, Borgaonkar and other researchers have found and reported a number of security weaknesses in 5G to the mobile trade group GSMA, one of a group of organizations that manage the standard. Many of the findings focus on ways that users can still be tracked while connected to 5G, using information that remains unencrypted as it is transmitted or that leaks because of a flaw in the standard. This can allow attacks known as fake base station attacks with devices often called “stingrays” that trick target devices into thinking they are a cell tower and connecting. From there, attackers can intercept mobile traffic to spy on victims and even manipulate data.
Researchers have also pointed out that some flaws in 5G allow for “downgrade” attacks in which a target’s phone connection is manipulated to downgrade to 3G or 4G service, where hackers could use unresolved flaws in those older networks to carry out attacks.
The GSMA says that it welcomes scrutiny of the 5G standard, because it has allowed the organization to catch and fix potential vulnerabilities before the 5G networks are widely deployed.
“The GSMA has been getting the industry ready for 5G, working on the security technology that underpins the standards which define the new secure-by-design 5G technologies,” says Amy Lemberger, cybersecurity director, GSMA. She notes that since April, the GSMA’s “5G Security Taskforce” has been bringing mobile operators and vendors together so they can coordinate proactively on issues like network slicing requirements and 5G fraud models.
Researchers say that while collaborations with GSMA have been fruitful, they’ve identified problems that have yet to be completely resolved; in part, that’s because of the difficulty of ensuring that 5G can interoperate with older wireless networks like 3G and 4G. Building out 5G while seamlessly integrating with the older generation networks is difficult and can erode privacy and security.
“5G is a big step forward on several fronts, but won’t actually provide a full security upgrade until we see pure 5G networks with no legacy tech—so not for another 10 years or more,” says Karsten Nohl, founder of the security research firm SRLabs.