5G Americas has a new paper reflecting the almost universal opinion among security experts that 5G has important vulnerabilities that can’t be ignored. 5G systems are perhaps an order of magnitude more complicated than 4G and correspondingly hard to protect. They are also massively distributed, from your home IoT up. That huge attack surface is all but impossible to guard.
Verizon CEO Hans Vestberg, who should know better, said 5G is completely secure. When I asked how he knew it, I was pointed to statements from 3GPP. 3GPP has some of the best engineers in the world, but their promotion always needs factchecking. Great engineers are often bad liars.
The 5G paper contains good short descriptions of 5G software and hardware considerations. It’s somewhat less technical than most, but no one has yet written “5G for the intelligent layman.:
Proposed 5G architectures are designed to close security gaps from previous iterations of cellular networks, but the pervasive nature of 5G introduces new security challenges outside the traditional space. 5G’s attractive, transformative services will likely introduce threat vectors not yet seen or experienced. This paper will look at how 5G differs from other wireless architectures, and what threats, vulnerabilities and attacks are therefore possible. Security considerations will examine various aspects of software, virtualization, automation, and orchestration, as well as Radio Access Network (RAN) considerations. Zero-Trust security, as well as several other techniques, will be discussed to mitigate the threats, and various recommendations will be proposed for security.
5G will usher in an age of accelerated innovation, but with that promise comes the inevitable potential for
attacks. The telecommunications industry needs to be prepared to defend against these attacks and have
mitigation plans in place for current and future attack vectors.
The work was led by David Krauss. 5G Americas is sponsored by AT&T, Cable & Wireless, Ciena, Cisco, CommScope, Crown Castle, Ericsson, Intel, Mavenir, Nokia, Qualcomm, Samsung, Shaw Communications Inc., T-Mobile USA, Inc., Telefónica and WOM.