A new whitepaper has revealed a potentially dangerous security flaw in a 5G network’s slicing design.
Described in a research post by Dublin-based AdaptiveMobile Security, the vulnerability in the architecture of 5G Network Slicing and virtualised network functions could leave customers “exposed to malicious cyberattacks”.
According to the whitepaper, the issue has the potential to “cause significant security risks to enterprises using network slicing and undermine operators’ attempts to open up new 5G revenues”.
Even though the probability of an attack is currently low, AdaptiveMobile says this is only due to the “limited number of mobile operators with multiple live network slices on their networks”.
AdaptiveMobile’s research revealed that networks using ‘hybrid’ network functions, both shared and dedicated and supporting several slices, lack “mapping” between application-layer and transport-layer identities.
The flaw could potentially allow an attacker with access to the 5G Service Based Architecture to access data and launch denial of service (DoS) attacks across multiple slices, exposing an operator and its customers to the risk of losing sensitive location data.
Commenting on the flaw, Dr Silke Holtmanns, Head of 5G Security Research at AdaptiveMobile Security, said: “5G is driving the mobile industry into adopting the technology and techniques of the IT world to increase efficiency and improve functionality.
“However, while laudable, there needs to be a wider mindset change. When it comes to securing 5G, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators and vendors.”
AdaptiveMobile says that it has shared the research with the global mobile industry’s trade body the GSMA, operators and standards bodies to address the issue.
Network slicing is set to become a major part of 5G networks and has the potential to generate revenues of more than $20bn for telecoms firms by 2026.
Holtmanns continued: “Currently, the impact on real-world applications of this network slicing attack is only limited by the number of slices live in 5G networks globally.
“The risks, if this fundamental flaw in the design of 5G standards had gone undiscovered, are significant.”
Commenting on the importance of network slicing and issues surrounding the vulnerability, Iqbal Singh Bedi, founder and consulting director at Intelligens Consulting, said: “Network slicing is important to bandwidth-hungry industrial settings.
“Network slicing is being considered, for example, in ‘private network’ environments hosting intelligent and industrial automation use cases where guaranteed bandwidth, low latency and secure reliable connections are required for the likes of autonomous robots, pods or vehicles that may also use video which requires processing in real-time.
“Network slicing is a huge deal for Industry 4.0 and for 5G’s success. While mobile operators have struggled to make the case for standalone densified public 5G small cell networks, manufacturing and industry are widely seen as the ‘killer use case’ for 5G.
“There will be an economic hit if this problem is not rectified. Network slicing and many early Industry 4.0 use cases would simply not be possible, holding back the automation of traditional manufacturing and the progress of industry.
“Early users of 5G networks will need to be assured that everything is being done to ensure this issue is resolved and does not halt 5G adoption. To this, it is reassuring to see that the GSMA, operators and standards bodies are addressing the issue to prevent exploitation.”