Are 5G’s Enabling Technologies Making it Vulnerable to Cyberattacks?
The rushed launching of the early version of 5G networks in various countries overlooks the emerging cybersecurity threats that the upcoming 5G network invites to the telecom world. In this article, I present a timely intervention into a set of yet-unresolved 5G security issues that emerge from the constituent technologies of 5G.
5G is expected to entice an increased amount of cyberattacks than its legacy counterparts because of its pervasive nature and widespread use for critical services such as industrial automation, public transport signaling, and health-monitoring. Thus, the adversaries can have a higher incentive for attacking 5G to hack into high-value critical services.
5G adopts exciting technologies, such as software-defined networking (SDN), network function virtualization (NFV), artificial intelligence (AI), and cloud networking, which are new in the telecom domain. These key technologies together help realize the 5G mobile network capable of providing services well beyond high-speed low-latency broadband connectivity anytime anywhere, however, they also give rise to an increased amount of cybersecurity threats than ever before. This article demystifies these under-represented aspects of 5G security.
AI vs AI
To delve deep into the emerging cybersecurity concerns of the 5G network, let’s pick the example of deep learning-driven AI solutions that are widely used to tackle the growing complexities of large-scale 5G network operations. The recent successes in deep learning research led by advanced hardware and a plethora of real-world data make AI an ineliminable part of both small hand-held user devices and large-scale 5G networking solutions. However, the rise of adversarial ML attacks on deep learning models widens the overall security threat space of the 5G. Adversarial ML models can carefully craft attacks to malfunction a target ML model and it is now well-established that all the deep learning models are vulnerable to adversarial ML attacks.
The 3GPP, the standardization body of the 5G, does provide specifications for robust authentication protocols and network security architecture for 5G and also recommends practices to secure mobile networks but securing ML models is essentially an open research area beyond their scope. The lack of a true “telecom-grade” AI standard with a guaranteed degree of reliability keeps the risk of adversarial ML attacks on the ML models in 5G alive.
IT Cyberthreats Attacking 5G
Technologies such as AI, cloud networking, and virtualizations are well-explored in the IT infrastructures and helped revitalize the industry in the last few years. The Telecom industry also envisions a similar transformation by adopting those novel technologies in the 5G to enable unprecedented network flexibility, connectivity to billions of smart internet of things (IoTs), and systematic merging of the telecom networks with the evolving IT infrastructure.
Unlike commercial 4G, a successful introduction of SDN and NFV technologies in the 5G systems enables quick deployment of significant chunks of telecom network operations, such as core network functions, on existing IT infrastructure like public clouds. Although the deployability of the 5G networks on general-purpose IT infrastructure instead of specialized equipment reduces the network roll-out cost by multiple factors, the wide spectrum of existing cyber threats for IT infrastructures becomes relevant to the telecom networks.
Another objective of the 5G network is to cater to IoTs, billions of insecure smart devices which are tiny pieces of computers with specialized sensors. IoT devices are often hackable by novel covert-channel attacks, exploiting software security vulnerabilities, and performing reverse engineering.
An attacker can virtually do boundless malicious activities such as stealthy modification of sensitive user data, installing malware for continuous unsolicited user activity monitoring, launching distributed denial of services to name a few, once the attacker manages to break into an IoT device. Thus, IoT accessing 5G networks present numerous gateways to hack into the 5G networks as well as the subscribers’ privacy realm.
Last but not the least, the recent controversy on telecom vendors’ untrusted hardware becomes a global issue because it is still unclear how to verify secure hardware and thwart supply chain attacks against the 5G. A secure hardware abstraction layer that sits in between the 5G software stack and the underlying hardware and provides an abstract view of the hardware to the software to securely interact with the hardware is a viable option to address the concern. However, the development of such a hardware abstraction layer is still in its infancy.
The above-mentioned security vulnerabilities, if abused by an adversary, can bring catastrophic loss to individuals or society by disrupting the critical services running on the 5G. The security assurance is a critical necessity for a network as vital as 5G to earn the confidence of all of its stakeholders.