The Darker Side of 5G Mobile Networks and Why Enterprises Need to Up their Mobile Security

Greater speed, greater capacity, reduced latency and lower battery consumption are among the many benefits that 5G has to offer. But as the ultra-fast mobile network technology is rolled out, with the promise of 20-gigabit speeds, there’s a darker side to 5G that businesses should be aware of. It turns out that 5G networks suffer from the same security issues that have plagued 4G, making mobile one of the least secure ways of transmitting information in the modern age.

Trade-offs of the mobile revolution

It’s not just consumers that have traded landlines for cellphones since the turn of the century – enterprises have followed suit. The stats don’t lie: last year, 73% of all internet consumption was mobile. As a result of this transition, a significant proportion of business is now conducted in the field and carried wirelessly by telecommunications networks. The convenience this has brought has come at the expense of information security.

It is axiomatic that wireless devices are more susceptible to interception than wired ones. For all the precautions that enterprises urge their employees to take when using cellphones, staff remain powerless to detect or prevent advanced attacks that take advantage of the underlying infrastructure on which mobile networks run. From man in the middle attacks to SIM jacking, there’s a plethora of ways in which mobile users can be compromised. One of the most pernicious is through the use of fake cell towers, which trick mobile devices into connecting and giving up their precious data.

The IMSI-catchers with a sting in their tail

The international mobile subscriber identity-catcher, or IMSI-catcher, is an eavesdropping device that can intercept mobile traffic and track the location data of cellphone users. It’s better known as a Stringray, on account of Harris Corporation’s controversial devices that have become a firm favorite with law enforcement and the bugbear of privacy groups the world over. IMSI-catchers such as the Stingray are commonly used for dragnet surveillance, forcing all mobile devices within the vicinity to connect. The technology can assume many forms, including a handheld version known as Kingfish, while the Stringray can be surreptitiously mounted on planes and drones.

The most worrying feature, not least from the perspective of enterprises, is how Stringrays and similar catchers can perform a MITM attack to obtain the target device’s encryption key, use it to authenticate with the genuine cell provider and then decrypt and record all outgoing and incoming content. The potential for abuse doesn’t need spelling out. Given that IMSI-catchers are commercially available, and thus don’t merely fall within the purview of law enforcement, one can only guess at the sort of entities that have access to the devices in the wild, or the sort of nefarious purposes for which they’re deploying them.

Dror Fixler, the CEO of cellular protection firm FirstPoint, is adamant that use of fake cell towers is far more prevalent than commonly assumed. His company has detected and blocked IMSI-catchers in more than 50% of countries visited by its clients. “Airports, border crossings, hotels, near and inside government buildings, near military bases and police stations are the most common places where we’ve detected fake cell towers,” notes Fixler. “Even if one was to assume that these towers were being used for legitimate police activity, the very nature of the tech necessitates blanket surveillance and decryption. In other words, to catch the bad guy, they’ve got to uncloak all the good guys in the process. In countries where corporate espionage is prevalent, often instigated at the behest of nation-states themselves, it’s reasonable to assume that the primary role of these devices is to exfiltrate sensitive data and exploit it to their advantage.”

5G: Faster But No More Secure

It was hoped that 5G networks would prove more resilient to ISMI attacks than their forebears, but as a group of security researchers explained at a black hat conference in Las Vegas last week, 5G “was developed to fix the issues that allow fake base station attacks…But we found that actually 5G does not give the full protection against these fake base station attacks.” One trick that Stringray-like devices can perform is downgrading the security setting of 5G devices, assigning them low-level security intended for basic IoT devices, leaving them dangerously exposed.

Security concerns surrounding 5G aren’t just limited to MITM attacks, either, it should be noted: fears over government-led espionage have sparked a furious debate over-reliance on Huawei to provide wireless infrastructure. Despite having been named a US security threat in May, the Chinese company is poised to dominate the UK’s 5G roll-out, with the four leading wireless operators planning to use Huawei components. As the Guardian notes, “5G will have more sensitive information accessed closer to the edge – or the non-core – of the network, which Huawei’s critics could flag as a concern.”

For every security hole that a new technology claims to patch, it introduces another one. It has been this way since time immemorial, and the introduction of 5G will be no different. For enterprises intent on keeping their company secrets a secret, avoiding doing business over cellular networks altogether is impractical in today’s hyperconnected, remote working age. Acknowledging the severity and scope of threats doesn’t mean being resigned to them, however. There are practical precautions that enterprises can take to limit their exposure, from enforcing strong authentication to securing devices with cellular protection that can detect and block threats. There’s no such thing as perfect security in an imperfect world. Nevertheless, businesses that approach cybersecurity proactively rather than reactively can capitalize on the upsides of 5G while insulating themselves from the downsides.

2 thoughts on “The Darker Side of 5G Mobile Networks and Why Enterprises Need to Up their Mobile Security”

  1. Can’t complain, they actually showed up to the 3GPP meetings when they were hashing out the protocol spec for 5G, unlike a lot of other makers.

    The one glimmer of hope is the new end-to-end (E2E) encryption addendum to the main 5G spec being negotiated now and to be decided in a december meeting. Every law enforcement agency on the planet is fighting the E2E addendum with the claim that their surveillance capability (usually paraded as lawful access) will “go dark”, when in actuality they were already coasting past the golden age of plain text signals intelligence which they didn’t even have before the common use of the telephone. Time for the keystones to do more legwork (or shell out money to metadata miners like Palantir) to keep the edge they believe they have. The metadata search engines are very powerful due to everyone leaking their patterns of life everywhere, so nobody can hide, and the concept of lone wolf ceases to exist.

Comments are closed.