The slow rollout of 5G technology had many people optimistic that the new wireless format would eradicate problems faced by its predecessor, but a new report reveals 5G will be just as susceptible to security threats as 4G is. While the systems may differ in key ways, even down to the radio waves themselves, their communication protocols will be practically identical, which means 5G is just as likely to be vulnerable to denial of service (DoS) attacks.
Denial of Service attacks occur when a server is flooded with illegitimate requests to such a degree that legitimate requests go unfulfilled. This usually means the offending party has some form of automated system that will repeatedly query a host until that host is so bogged down with requests that it slows down or crashes. As a hypothetical example, think of a crowded store having a sale. Hundreds of people are lined up to enter the store, but only five or six are actually planning to buy anything. The rest are simply there to make it harder for the "legitimate" shoppers. Once the doors open, there's so much traffic that the real shoppers can barely get in without squeezing through the crowd, which means the store's intended purpose of selling items is also slowed to a crawl. A DoS attack is similar in that an entry point is being bombarded by requests solely to inconvenience people who actually want to make use of the service.
4G networks are particularly threatened by DoS attacks because of a flaw in the Diameter signaling protocol, which is the language that allows phone signals to communicate with IP online servers, leading to our smartphones being capable of interacting with the internet. The biggest issue, and the one that opens up DoS attacks, comes from the fact that the Diameter signaling protocol can't determine the source of a signal, which means it can't discern between a bot sending thousands of signals in an attack, or a user sending a legitimate signal. According to a report from network security analytics firm Positive Technologies, 5G networks will inherit all of those Diameter flaws.
Why 5G Can't Solve 4G's Security Problems
The eventual goal is for 5G networks to replace 4G entirely, but the race to market has created some caveats most security experts would have preferred we avoid. Telecommunications companies like AT&T and Verizon have started to offer 5G LTE service, which is built on existing 4G infrastructure. The positive side of that choice is that it creates a somewhat easier rollout and gets faster speeds in the hands of consumers sooner. The negative is it still relies on Diameter, so it's just as susceptible to DoS attacks.
However, that negative is exacerbated by two other huge issues. The first is that the Internet of Things is growing, and will be bigger than ever with 5G. To describe it succinctly, the IoT is the collection of devices other than smartphones or PCs that use internet connections to do their jobs without relying on a human-to-computer interaction. This includes personal assistants like Amazon Echo and Google Home, WiFi-enabled garage door openers, and those cool, automated smart LED lights. 5G is specifically designed to support more of these devices and on a larger (think city-wide) scale, so if they have security risks, we could be looking at a "hack the world" situation as in the video game Watch Dogs.
The second issue is that we lose the option to correct security issues in the future. Now, the dawn of 5G, is the perfect time to rebuild the signaling protocol and eliminate the older security flaws. By forgoing that option in favor of building 5G on the back of 4G, the only way telecom companies can patch the holes will be by bolting on new solutions. It could potentially solve the issues, but these solutions are inherently less secure than a language that never had those flaws in the first place.
Source: Positive Technologies, via ZDNet