Report: long-standing vulnerabilities threaten 5G Smartphone users

Get a free Techzine subscription!

EU agency also issues its own report highlighting threats from 5G.

Global cybersecurity firm Positive Technologies have published their latest report on 5G security this week. The report, “5G standalone core security assessment,” discusses vulnerabilities and threats for subscribers and mobile network operators.

Specifically, they address threats that stem from the use of new standalone 5G network cores. The vulnerabilities are found in protocols HTTP/2 and PFCP. These protocols are used by standalone 5G networks. The threats there include the theft of subscriber profile data, impersonation attacks and faking subscriber authentication. 

Mobile operators are currently running non-standalone 5G networks, which are based on previous-generation 4G LTE infrastructure. These non-standalone 5G networks are at risk of attack. This risk is due to “long-standing vulnerabilities” in the Diameter and GTP protocols, which Positive Technologies reported earlier this year.

Operators are gradually migrating to standalone infrastructure. This migration brings security considerations of its own. Gartner expects 5G investment to exceed LTE/4G in 2022. They also say that communications service providers will gradually add standalone capabilities to their non-standalone 5G networks.

Dmitry Kurbatov, CTO at Positive Technologies, said: “There is a risk that attackers will take advantage of standalone 5G networks, while they are being established and operators are getting to grips with potential vulnerabilities. Therefore, security considerations must be addressed by operators from the offset.

“Subscriber attacks can be both financially and reputationally damaging – especially when vendors are in high competition to launch their 5G networks. With such a diverse surface of attack, robust core network security architecture is by far the safest way to protect users.” 

EU also reports threats and vulnerabilities of 5G

The EU has also published its own paper, called “ENISA Threat Landscape for 5G Networks Report“. This report indicates 5G’s exploitation vulnerabilities and how one can mitigate this exploitation through security controls.

ENISA exec director Juhan Lepassaar said: “By providing regular threat assessments, the EU Agency for Cybersecurity materialises its support to the EU cybersecurity ecosystem. This work is part of our continuous contribution to securing 5G, a key infrastructure for the years to come.”