New research indicates that there are serious security flaws present in 5G network technologies that could enable hackers to cause significant disruption or even steal an individual’s identity.
Worryingly, vulnerabilities have been discovered in both the existing non-standalone 5G networks and upcoming standalone networks.
A report from cybersecurity firm Positive Technologies explains that most mobile operators are currently offering 5G services running on non-standalone networks that are based on previous-generation 4G LTE infrastructure. However, with these networks at risk from vulnerabilities in the Diameter and GTP protocols, networks are gearing up to switch to standalone 5G network cores.
Unfortunately, as the Positive Technologies report sets out, the new networks remain at risk of attack. Vulnerabilities in the HTTP/2 and PFCP protocols used by standalone 5G networks could potentially allow attackers to steal subscriber profile data, impersonate individuals, and fake subscriber authentication.
“There is a risk that attackers will take advantage of standalone 5G networks while they are being established and operators are getting to grips with potential vulnerabilities,” Dmitry Kurbatov, CTO at Positive Technologies, commented.
“Therefore, security considerations must be addressed by operators from the offset. Subscriber attacks can be both financially and reputationally damaging – especially when vendors are in high competition to launch their 5G networks. With such a diverse surface of attack, robust core network security architecture is by far the safest way to protect users.”
Kurbatov also notes that as 5G standalone networks become more embedded within society, through the Internet of Things and other applications, the potential damage that could be caused by these vulnerabilities will only increase. Potentially, healthcare, transport, utilities, and many other essential areas of our lives could be disrupted.