This 5G vulnerability allows data extraction and DoS attacks between different network slices on a mobile operator leaving enterprise customers exposed to malicious cyberattacks.
The IT security researchers at AdaptiveMobile have identified a major vulnerability in the architecture of 5G network slicing and virtualized network functions. This vulnerability has been found to potentially allow data access and denial of service (DoS) attacks between different network slices on a mobile operator which leaves enterprise customers exposed to malicious cyberattacks.
What is 5G?
5G, the 5th generation mobile network, is the new global wireless standard after the previously introduced 1G, 2G, 3G, and 4G networks which makes it all the more important because it enables a new kind of network that is designed to connect virtually everyone and everything including machines, objects, and devices.
The 5G technology was created to deliver multi-Gbps peak data speeds, ultra-low latency, more reliability, massive network capacity, increased availability, and more uniform user experience to more users.
What is 5G network slicing?
Network slicing basically allows a mobile operator to divide their core and radio network into multiple distinct virtual blocks that provide different amounts of resources to different types of traffic.
A great benefit of 5G network slicing for network operators will be the ability to deploy only the functions necessary to support particular customers and particular market segments such as automotive, healthcare, critical infrastructure, and entertainment.
Some of the top countries using 5G are also the ones who are most affected by this vulnerability including South Korea, the United Kingdom, Germany, and the United States because multiple companies in these countries have deployed networks and are selling compatible devices.
Vulnerability and attack scenarios
According to a report shared by AdaptiveMobile with Hackread.com, three specific attack scenarios may occur due to the flaw that cannot be mitigated according to today’s specified technology; user data extraction – in particular location tracking, denial of service against another network function, and access to a network function and related information of another vertical customer.
Moreover, the operator and their customers are exposed and risk the loss of sensitive location data – which would allow the loss of charging related information and even the potential interruption to the operation of the slices and network functions themselves.
“When it comes to securing 5G, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators, and vendors.”
“As more of the core network moves to the cloud and an IT-based architecture, more suitable hacking tools become available for hackers,” Holtmanns continued.
“Currently, the impact on real-world applications of this network slicing attack is only limited by the number of slices live in 5G networks globally. The risks, if this fundamental flaw in the design of 5G standards had gone undiscovered, are significant.”
“Having brought this to the industry’s attention through the appropriate forums and processes, we are glad to be working with the mobile network operators and standards communities to highlight these vulnerabilities and promote best practice going forward.”