The promises of faster speeds and better service can occasionally mask a number of security concerns affecting 5G technology, which is being deployed by nations worldwide. Despite advancements in data encryption, authentication, and privacy, these security issues persist. The Third Generation Partnership Project (3GPP), the technical standards body for cellular communications, has released new releases that address these issues.
The Trump administration’s efforts to bar technology from China’s tech giant Huawei from being used in next-generation networks in the United States underscore the most well-known security concerns surrounding 5G. Although it hasn’t had much luck, the US government is also trying to get its friends in Europe and elsewhere to reject Huawei. The fundamental concern behind the Huawei ban is that, as a Beijing-based corporation, it may very well incorporate spying features into its products or otherwise serve the Chinese government, making 5G utterly unsecure from the start.
Previous cellular weaknesses that 5G does not address
Experts have identified further security vulnerabilities in 5G technology. At this year’s Shmoocon conference, an expert on the subject named Roger Piqueras Jover began his session by pointing out that while some mobile technology corporations claim that 5G is more secure, researchers are pointing out issues even before the technology has been released. (Jover works as a security engineer in Bloomberg L.P.’s CTO’s office during the day and conducts side research on mobile technology. His perspective on mobile technology does not align with Bloomberg’s viewpoints.
During his presentation and subsequent conversations with CSO, Jover stated that 5G standards and plans do not solve the primary issues that beset GSM, 4G, and LTE, the three major mobile technology generations. In particular, the 5G specifications and suggested architectures retain the capability to intercept so-called pre-authentication messages between the user’s base station and the cellular tower, which could enable attackers to intercept messages in the clear.
When using cellular, a tower broadcasts messages to your phone. It might be 4G, 5G, or even 3G. Jover informs CSO, “The tower is saying, ‘Hey, I’m your operator. Because there is no cryptographic method to confirm it, you have to assume that it is accurate.
The carrier initiates a cryptographic handshake before starting the message routing process. Nevertheless, “There are a lot of messages exchanged in both directions that you implicitly trust” during this pre-authentication phase. According to Jover, you have faith that the person you are speaking with is legitimate, and the operator has faith that it is a smartphone.
Malicious actors can do “all kinds of things” by manipulating these unencrypted messages. Although they are optional, both LTE and 5G standards were created to prevent this international mobile subscriber identity (IMSI) catching, also known as Subscription Permanent Identifier (SUPI) attacks in the context of 5G technology. According to Jover, optional features are rarely used.
The solution for digital certificates
Jover claims that there is an easy way to solve this issue. Use digital certificates in 5G, in addition to the indicators that show the connection is encrypted. For more than a decade, certificates have been in use. The state of this technology is fairly advanced. He asks, “Why not employ the same technology?” “I personally feel comfortable entering my credit card information on a website” that displays an encrypted connection with an HTTPS lock icon in the address bar.
Jover states that in order to give these devices a means of cryptographically confirming that they are in fact communicating with a base station, “you could, and probably should, use digital certificates.” Additionally, these certificates might aid in filtering out websites from unfavorable sources or areas. “Choosing which certificate authorities to trust is very simple if you use digital certificates.”
Jover mentions several problems. First, because 5G standards do not yet support this form of encryption certification, as he stated at Shmoocon, “It would require a lot of global efforts of standards.” Second, since users cannot access the internet until they establish a connection with the carrier, cellphones are unable to prevent trusted certificates that have been revoked in advance.
Digital certificate capability in 5G networks may be useful, but cryptographer and Harvard Kennedy School associate Bruce Schneier tells CSO that “there are 20 problems with 5G, and this might be problem number 17.”
All 5G trust issues won’t be resolved by certificates.
Schneier claims he has not examined Jover’s work, but he contends that the implementation of 5G is surrounded by far more serious and substantial security issues. According to Schneier, “you don’t jump from a certificate system that aids in the authentication of unauthenticated messages to solving the ‘trust’ problem.” “We fear that Huawei incorporates backdoors into its chips. Unauthenticated messages have nothing to do with that trust issue.
There are numerous security issues with 5G across several tiers of its protocol stack, as Jover and Schneier agree. They both seem to be supporters of the 5GReasoner plan, which is a framework for addressing the intricate and use-case-specific difficulties related to 5G and was put out by researchers from Purdue University and the University of Iowa. Jover told CSO, “That paper is the greatest thing that has happened in cellular.”
According to Schneier, CSO, “nobody wants 5G security.” The governments enjoy snooping on 5G. Carriers don’t give a damn. They will follow the law.
Many of those 4G-related vulnerabilities were either intentionally left unfixed by the government or were not addressed by the ITU, the organization that sets standards, according to Schneier. To put it briefly, there is no longer any time to address 5G security from the ground up. If so, the globe will have to wait for security updates in 6G, which most experts predict will go into commercial use around 2030.