5G and the security challenge

There are seemingly few limits to 5G’s possibilities, but Alex Farrant, senior researcher at Context Information Security, warns that these, along with the changing cyber security landscape, will pose many questions for service providers, new networks and their users.

The past few years have seen multiple critical remote vulnerabilities in mobile handsets, with the potential to affect millions of users, but the impact was mitigated by legacy walled garden designs. Take, for example, the 2019 Apple iMessage bug, CVE-2019-8646, or the 2017 Samsung SMS bug, which could be leveraged by attackers to target an Apple iPhone or Samsung Galaxy handset if the victim’s number was known.

If an attacker doesn’t have the number but wanted to target every device in an organisation, they would either have to get access to the closed signalling network or establish their own fake base station. Both options are complex, expensive and, significantly, require substantial specialist knowledge of cellular air interfaces and arcane signalling protocols such as Stream Control Transmission Protocol (SCTP).

Security researchers looking for vulnerabilities in mobile basebands and user equipment (UE) such as handsets and tablets, for example, must invest a substantial amount of effort in supporting infrastructure to be able to test a device ‘over the air’ (OTA). As a minimum, a researcher would need high-end radios, a GPS timing source, spectrum licensing, protocol stacks and, for 3G/5G testing, programmable SIM cards to get past the mutual authentication.

Register now to continue reading

Thank you for visiting Land Mobile, register now for free and unlimited access to our industry-leading content. 

What's included:

  • Unlimited access to all Land Mobile content

  • New content and e-bulletins delivered straight to your inbox