Before we can begin to tackle the cybersecurity issues created by the introduction of 5G, it’s important to first understand what exactly 5G is. Don’t worry, it’s wavelengths don’t damage your immune system, nor is it responsible for the spread of COVID-19, as some conspiracy theories would have you believe.
So, what exactly is 5G?
5G simply stands for “fifth generation”, because it is the latest generation of cellular networks, the first of which dates back to 1979. 5G is poised to offer greater bandwidth and lower latency—which means faster download times for users and the ability to connect a greater number of IoT devices to the network. Like its predecessors, the first thing that comes to mind when one thinks of use cases for 5G is as a mobile cellular network. In 2020, all of the major US-based mobile carriers have rolled out some form of 5G.
However, 5G-connected devices are not limited to a smartphone or tablet. IoT devices that are using or will use 5G encompass everything from autonomous vehicles to smart homes. In addition to these consumer applications, 5G is particularly useful in military and defense environments, where it will provide a greater scope for intelligence, surveillance, and reconnaissance systems.
5G supports a greater number of connected devices — and increases security risks.
By 2025, it is estimated that the number of 5G devices—both consumer and non-consumer—will top 2.6 billion, more than doubling the number of internet connected cellular devices currently in use. The sheer number of projected 5G-connected devices is just one of the cybersecurity risks associated with 5G. This is because with each new device connected to the network, a new point of entry to that network is created. A standard, consumer IoT device can be hacked by bad actors. Once that device is compromised, the attackers are able to access other insecure devices on the same network. We saw this as recently as 2019, when a Russian-backed hacking group successfully hacked simple IoT devices like printers to gain access to targeted computer networks.
But the risks don’t stop with the expanding attack surface 5G creates.
One of the novel aspects of 5G is that it is taking what has previously been accomplished in hardware and taking it to the software. This provides benefits like easier network updates at a dramatically lower cost than changing hardware. While this capability is one of the technological advancements that makes 5G revolutionary—it’s creating an environment relying on coded software that has time and again been proven to have vulnerabilities that can and will be turned into exploits. Combine this with the billions of devices projected to be using 5G in the next five years alone and, if we do nothing differently, it is a recipe for disaster. Securing the network, and the devices using it, in spite of the inherently flawed software running it, needs to be a top priority.
Software vulnerabilities pose a threat to the security of the new network.
5G may be fairly new, but multiple vulnerabilities have already been identified in the network. A group of researchers from Purdue University and the University of Iowa have identified a total of eleven vulnerabilities that were present in both the 4G and 5G networks. A potential exploit of these vulnerabilities would allow the hypothetical attacker to spy on the user data of devices connected to the network, or even track the location of the user devices on that network.
While this type of vulnerability is concerning enough when you apply it to the billions of consumer devices that are already or will be connected to 5G, it is an especially large security risk when we take into consideration the government and military device applications for the network. An attack of this nature—whether at the hands of another government or private hacking group—compromises the security and safety of everyone, not just those with devices connected to the network.
Considering the entire known universe of software vulnerabilities is well over 80,000, identifying just 11 vulnerabilities may not seem all that alarming. However, 5G does not exist in a bubble. As the next generation of 4G, all of the vulnerabilities that exist in that network have the potential to similarly exploit 5G.
To that point, let’s take a look at just the identified vulnerabilities that affect the world of 4G, 5G, and LTE.
At the time of this writing, there have been nearly 1,900 identified vulnerabilities affecting these networks. 5G is a new and still evolving technology, but the good news is that the vulnerabilities exploiting it are not. While new bugs are being discovered every day, these bugs more often than not, fall within the same categories of vulnerabilities that cybersecurity researchers have spent a huge amount of time and effort in preventing. The true cybersecurity risk of 5G lies not in the potential for a catastrophic vulnerability we’ve never seen before, but in the sheer number of devices (remember, it’s projected to be billions) that will be using the network.
We need a tool that protects against vulnerabilities and prevents them from being turned into exploits, so that we can better secure this new technology and the devices that will be using it.
As illustrated in the chart above, there have been approximately 1,900 identified software vulnerabilities associated with 4G, 5G and LTE. These 1,900 vulnerabilities have been bucketed into 81 categories of vulnerabilities. In comparison, the entire universe of vulnerabilities that could be exploited over the network has over 84,000 vulnerabilities bucketed into 156 categories.
Security patches are ubiquitous, but they are not a fail safe. The issue with security patching is that it is a reactive approach to cybersecurity that only fixes bugs after they’ve been identified—or worse, after a bad actor has exploited it to attack the system. And, again, with billions of devices, when a patch is published how many of those will quickly be patched? History tells us not many.
Securing 5G requires a cybersecurity solution that protects against the categories of vulnerabilities, rather than relying on security patching to fix a vulnerability after it has been identified. Dover Microsystems’ CoreGuard technology is the only solution that prevents network-based attacks by protecting against entire classes of software vulnerabilities. If we take another look at the graph of 4G, LTE, and 5G software vulnerabilities, this time illustrating what CoreGuard protects, we can see that the technology protects against over 90% of all vulnerabilities in this environment.
With a technology as new and evolving as 5G, new vulnerabilities will be identified all the time. Luckily, those new vulnerabilities will be bucketed into already defined classes of vulnerabilities. By protecting against those classes as CoreGuard does, it protects against zero-day attacks that could potentially wreak havoc on any of the billions of devices that will be connected to the 5G network.
While 5G is still being adopted globally, it’s time to start thinking about the security risks it poses and what can be done to prevent them. This new technology requires a proactive cybersecurity approach that protects the systems already using the network, and the millions of devices that will be using it in the future.
To learn more about CoreGuard and how it can provide the level of robust cybersecurity demanded by 5G, request a demo today.