
    Positive Technologies warns there’s 50 ways to hack a 5G network


    Tip of the iceberg: the price of software-defined networks could be endless hackers, ransom demands and eternal vigilantes

    Every big Radio Access Network (RAN) software rollout runs the risk of major T-Mobile style breaches in future if weak spots are not addressed at the time of development, according to telecoms security specialist Positive Technologies (PT).

    In its latest study it found at least 50 methods for exploiting telecoms vulnerabilities and dozens of brand new cybersecurity flaws in telecoms systems.

    The price of software-defined networking will be eternal vigilance and security must be coded into every component of 5G software, according to Gustavo Konte, an engineer securing Latin America for PT. A third of the world’s organisations have been held to ransom and the vulnerable infant networks of mobile operators offer a tempting target for predators.  

    “Security in particular must be integral from the beginning,” said Konte. 

    According to PT, mobile network infrastructure builders across the globe are making the same compromises in the 5G installation race. A new generation of transmitters is being set up in haste, accepting any cyphering methods and parameters as long as they’re fully functioning as soon as possible. The assumption is that security can be hardened in retrospect. 

    “Corporations like Verizon, which is using AI and other advances to identify specific deployment locations for its midband rollout, will obviously strive to build a secure network before accepting subscriber traffic,” said Konte.

    What’s best for capacity isn’t always best for security, Konte warned. In some high-density areas close to natural elements like mountains and lakes, the network owner might want indoor femtocell coverage, so the installer will bring the equipment closer to the subscribers in order to offer clearer transmission. While access to consumers is the priority, the network is more likely to fall victim to physical access and tampering. 

    Transport network gives access

    “The 5G radio interface is natively more secure, but that doesn’t necessarily apply to the equipment used, or the transport networks that connect radio sites to mobile operator buildings,” according to PT’s Konte. 

    Transport network access is another danger highlighted in PT’s report, since it gives attackers the chance to take down or take control of multiple 5G transmitters. This creates a denial of service to the nearest equipment, preventing the comms kit from consolidating several transmitters’ data traffic and routing it to the nearest core site. Hackers can also eavesdrop on calls, messages and data traffic from 5G subscribers connected to the accessed site.

    Attackers could map the operator’s network, gain access to higher-relevance network equipment and shut down services, PT warns. These attacks are as likely to be the work of local criminal enterprises as they are to be alleged state-sponsored attacks. The new access granted by insecure 5G networks is more likely to make hackers target information held by specific agencies, companies and persons, according to Konte.

    “Domestic criminals are most likely to be responsible for attacks against telecoms equipment and mobile networks,” said Konte. “But this raises another point: Is the sensitivity of residents and companies considered on all transmitter deployments?”

    State-sponsored hackers or locals?

    Could domestic hackers pose as state-sponsored hackers in a bid to scare off investigators?

    Possibly, said Konte, because intent is the hardest factor to decipher in cyber attacks. “If an attacker wants to monitor a local contractor and the target works for a big company or government, the attacker would seek access to their work transmitter rather than their home one. That makes it harder for cybersecurity experts to specify the target and, as a consequence, the perpetrator.” 

    PT claims it was the first to discover security issues associated with the communications protocol Signaling System 7 (SS7), which can be exploited to remotely intercept phone calls and bypass 2-factor authentication for access to social media profiles.