The roll out of true 5G wireless data has been slow. One of the most talked about features of the mobile technology is its ability to combine expanded speed and bandwidth with low Latency connections. The upgrade has its own set of security risks.
A massive new population of 5G capable devices, from smart city sensors to agriculturerobots and beyond, are gaining the ability to connect to the internet in places where wi-fi isn't practical or available It is possible for individuals to trade their internet connection for a 5G receiver. According to new research that will be presented at the Black Hat security conference in Las Vegas on Wednesday, the internet of things data is prone to security vulnerabilities that will dog the industry for a long time.
Altaf Shaik, a researcher at the Technical University of Berlin, has been looking at security and privacy issues in mobile data radio frequencies for a long time. Real-time bus tracking data can be pulled from these conduits applications. Shaik says that they haven't been used in core telecommunications offerings Shaik and Shinjo Park looked at the 5G Internet of Things APIs of 10 mobile carriers around the world and found a number of vulnerabilities that could be exploited to gain authorized access to data or even direct access to the network.
Shaik told WIRED that this is the start of a new type of attack in telecom. There's a whole platform where you can get access to the APIs, there's documentation, everything, and it's called the Internet of Things service platform. Every operator in every country will be selling them if they're not already, and there will be a lot of companies offering this kind of platform.
The designs of the internet of things service platforms are up to the carriers and companies. There's a lot of variation in their quality. In addition to 5G, upgraded 4G networks can support some expansion of the internet of things.
The researchers got special data-only sim cards for their networks of internet of things devices after analyzing 10 carriers. They had the same access to the platforms as anyone else. They found that basic flaws in how the APIs were set up could reveal a lot of information. In some cases, the researchers were able to access large streams of other users' data or even identify and access their Internet of Things devices by sending or replaying commands that they shouldn't have been able to control.