The emerging risks of 5G
The stage is being set for a 5G planet
Blazing fast wireless 5G networks are already beginning to pop up in a few major metropolitan areas in the U.S. and across Asia and Europe. Although the promise of 10 Gbps and 20 Gbps speeds is enticing, we shouldn’t get too excited just yet. It could take many years for 5G to become ubiquitous, since the technology requires a very high density of antennas or “small cells.” Another huge benefit of 5G is low latency -- not only is it faster, but there is much less lag or delay, which can be really important when it comes to guiding self-driving cars for example.
The enterprise will likely be the biggest early benefactor of 5G
Although there is a lot of pent-up demand for higher speeds among consumers, it’s the enterprise that may reap the initial benefits of 5G. Companies like Verizon, AT&T, and T-Mobile are banking that “network slicing” is going to be a hot new product in their portfolio, and there are some good reasons why. Just like fiber in the ground can be divided into wavelengths and sold as virtual networks, 5G frequency can also be “sliced” into different segments to be sold to different industries. These network slices can have different characteristics. For instance, a low latency slice might be sold to a hospital performing robotic surgeries. Or, a less-expensive, slower pipe could be sold for an IoT application like a smart vending machine that only needs to report inventory once a day.
What has really captured carriers’ interests is 5G’s potential to replace traditional last-mile technologies. Capital intensive infrastructure investments like Fiber-to-the-Curb can now be superseded by 5G. The technology does require a significant investment from the carriers, since a higher frequency is deployed, which doesn’t travel as far. Instead of traditional cell towers, mobile operators will need to deploy many “small cells,” and they will need to deploy a lot of them. Small cell density translates to greater speed for the enterprise. It’s faster than Wi-Fi, and many employees may opt to connect to the company 5G network over Wi-Fi because of that.
But is it safe?
In fact, 5G has been heralded as the most secure cellular technology to date, but some recent well-publicized exploits shouldn’t be ignored. The 3GPP governing body that maintains the 5G specification is already amending the security stack for 5G based on some recent findings published at Blackhat. Researchers discovered that both 4G LTE and 5G networks called for unencrypted transmittal of device capabilities that could leave devices susceptible to Man-in-the-Middle (MiTM) attacks. More recently, a tool developed by university researchers called 5G Reasoner brought to light many more potential security issues with the 5G protocol. Hardening the security protocols around 5G is a smart thing to do before deployments are widespread, but it is alarming that exploits are appearing long before 5G networks have reached mainstream deployment.
Homeland Security and 5G
“Compromised devices may provide malicious actors with persistent access to 5G networks and the capability to intercept data that routes through the devices” - U.S. Dept. Of Homeland Security
In a leaked memo, some members of the Department of Homeland Security argued for a nationalized 5G network to mitigate potential security risks. Their concerns about 5G vulnerabilities are highlighted in this recent public report, and outlined below:
- Supply Chain Some of the biggest manufacturers of the equipment that runs 5G networks are from “untrusted” nations.
- Network Risks At its inception, 5G networks will be closely tied into 4G networks, and will inherit some of the risks involved with 4G in addition to those found in 5G. As noted earlier, researchers at BlackHat already announced some early 5G vulnerabilities in the form of a mobile network mapping exploit, where a hacker could potentially gain details about a device such as the type and OS of a device, and more importantly, the location.
- Network Deployment We already mentioned there are going to be many more small cells than traditional 4G towers, and that means there are more opportunities for a cell to be misconfigured in a way that leaves it open to an exploit. With so many cells out there, it may also be easier to run a rogue small cell without being discovered.
- Loss of Competition and Trusted Options This risk affects carriers that may be locked into contracts with untrusted suppliers because of proprietary technology components. Since 5G will initially be intermingled with 4G, mobile operators may be locked into making choices that can compromise the security of their networks.
How to mitigate 5G risks
As technology evolves beyond the traditional boundaries of corporate perimeters, they can no longer be certain of the integrity of the network. Organizations need to shift their focus to embrace an approach of never trusting, always verifying the endpoints that access these networks. That means taking a layered approach to security. Is the device on the 5G network compromised? Is it being targeted in a MiTM attack? If the device is untrusted, should it be able to access company content, whether it resides on the device, in the company network, or in the cloud?
While we don’t know a lot about the risks that will emerge with 5G, a mobile-centric Zero Trust approach to security can mitigate many of the risks. Zero trust assumes that bad actors are already in the network and secure access is determined by a “never trust, always verify” approach. A mobile-centric, zero trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to any device or user. It ensures only authorized users, devices, apps, and services can access business resources.
Make sure your company is ready for 5G
MobileIron UEM, and complementary products such as MobileIron Access and MobileIron Threat Defense, can help protect your company as you begin your journey into the 5G era. For more information, please click here to have a MobileIron representative reach out to you, or click here to begin a free 30-day trial of MobileIron Cloud UEM.