One of 5G’s biggest features is a security minefield

The roll out of true 5G wireless data has been slow. One of the most talked about features of the mobile technology is expanding speed and bandwidth with low-latency connections. The upgrade has its own set of security risks.

A massive new population of 5G capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where wi-fi isn't practical or available Fiber-optic Internet connections can be swapped for a home 5G receiver. According to research presented this week at the Black Hat security conference in Las Vegas, the interface that carriers have set up to manage internet-of-things data are rife with security vulnerabilities. The industry could be vulnerable for a long time.

Altaf Shaik, a researcher at the Technical University of Berlin, has been looking at security and privacy issues in mobile-data radio frequencies for years. These are the conduits that applications can use to pull data. Shaik says that they haven't been used in core telecommunications offerings Shaik and Shinjo Park looked at the 5GIoT APIs of 10 mobile carriers around the world and found common but serious vulnerabilities that could be exploited to gain authorized access to data or even direct access to Internet of Things devices.

There's a lack of knowledge. Shaik told WIRED that this is the start of a new type of attack. There's a whole platform where you can get access to the APIs, there's documentation, everything, and it's called the Internet of Things service platform. Every operator in every country will be selling them if they're not already, and there will be a lot of companies offering this kind of platform.

Advertisement

The designs of the internet of things service platforms are up to the carriers and companies. There's a lot of variation in their quality. In addition to 5G, upgraded 4G networks can support some expansion of the internet of things.

The researchers got special data-only sim cards for their networks of internet of things devices after analyzing 10 carriers. They had the same access to the platforms as anyone else. They found that basic flaws in how the APIs were set up could reveal a lot of information. In some cases, the researchers were able to access large streams of other users' data or even identify and access their Internet of Things devices by sending or replaying commands that they shouldn't have been able to control.

Most of the vulnerabilities the researchers found are being fixed, according to the researchers. The quality of security protections on the Internet of Things service platforms varied widely, with some appearing more mature while others were still sticking to the same bad security policies and principles. The group isn't publicly naming the carriers they looked at because of concerns about how widespread the issues could be. The carriers are based in Europe, the US, and Asia.

Shaik says that they found vulnerabilities that could be exploited to access other devices even if they weren't ours. We could use the internet of things to send messages and get information. It is a large issue.

After they discovered the different flaws, Shaik and his colleagues didn't hack any other customers. He says that the carriers did not detect the researchers probing, which indicates a lack of monitoring and safeguards.

As the full breadth and scale of 5G starts to emerge, the challenges of securing massive new ecosystems are underscored.