
5G Network Vulnerabilities

With each new generation of technology, there are vulnerabilities and security concerns that must be addressed. At this stage, 5G still has to overcome some logistical and technical hurdles, but we’re seeing more networks being deployed in cities across the world.

While 5G is certainly an exciting development, there are some security concerns that need to be addressed. 

Study Finds 11 Design Issues with 5G

Researchers at the University of Iowa and Purdue University have found 11 design issues with 5G network protocols that are quite alarming.

These issues could potentially:

  • Track when you send texts, make calls or browse the web
  • Expose your location
  • Downgrade your service to old networks

Researchers also found five vulnerabilities that carried over from 3G and 4G. Many security features from these old generations of technology were adopted into 5G.

The team also found that many of the features in 5G have not undergone rigorous security testing, so users are potentially taking great risks in using these networks.

IMSI Vulnerabilities

One supposed benefit of 5G is that it protects your phone’s identifiers, such as your international mobile subscriber identity, or IMSI. Protecting these identifiers is supposed to reduce the risk of targeted or tracking attacks.

Researchers, however, found that downgrade attacks can push your device down to 4G or put your phone into limited service mode. Next, the phone can be forced to send its IMSI number in unencrypted form.

More networks are now using a Temporary Mobile Subscriber Identity (TMSI), which refreshes from time to time to prevent tracking. However, researchers found vulnerabilities that would allow attackers to override TMSI resets.

Even more alarming is the fact that these types of attacks can be carried out using simple technology that costs just a few hundred dollars.

Higher Mobile Bills

In addition to issues with IMSI, researchers also found problems with 5G standards that govern basic things, like paging, initial device registration and deregistration. If a carrier doesn’t implement these standards properly, attackers could potentially launch “replay” attacks that would drive up mobile bills by repeatedly sending the same message.

Black Hat 2019 Presentation

At Black Hat 2019, a session called “New Vulnerabilities in 5G Networks” presented other concerns that networks need to address.

Altaf Shaik, graduate student at the Technical University of Berlin and Kaitiaki Labs, and his partner Ravishankar Borgaonkar of SINTEF Digital presented their research, which found that 5G can allow for three kinds of attacks: MNmap, bidding down and battery drain.

The problem, the researchers noted, is that with 5G, device capability information is transmitted to the base station unencrypted. 

MNmap Attacks

5G networks are vulnerable to mobile network mapping, or MNmap, attacks. Using actual devices and networks, the research team was able to gather the information sent by the devices in plain text and create a map of devices connected to that network. 

The team was able to identify any cellular device – whether it was iOS or Android, whether it was a phone or IoT device, or whether it was a car, USB dongle, or router. With this type of information in hand, attackers could target specific devices or an entire class of devices.

Once attackers identify the baseband maker, they can determine what kind of modem the device is using. There are only five baseband manufacturers: Mediatek, Intel, Huawei, Qualcomm and Samsung.

MiTM Attacks

The researchers also found that bidding-down and battery-drain attacks were possible by using a MiTM relay to hijack the device’s information before it’s encrypted (i.e. while it’s being sent to the base station). 

With bidding-down attacks, attackers can do a number of things, such as:

  • Remove carrier integration or MIMO enablement, which boosts speed
  • Alter frequency band information to prevent roaming
  • Disable voice over LTE

To make matters worse, these types of attacks could persist until the device is restarted. The research team found that 22 out of the 32 LTE networks they tested were vulnerable to these attacks. On average, the attack lasted seven days.

The battery drain attacks target NB-IoT devices, which have a 10-year battery life thanks to the power-saving mode that shuts them down when not in use. With an MiTM attack, the parameters of the power-saving mode can be modified or removed entirely. This would mean that the device would continuously scan for networks to connect to.
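
A defensive check for the bidding-down and battery-drain tampering described above, as an added example that is not from the article or the researchers. It assumes the network can obtain a second, integrity-protected copy of the same parameters once security is established and compares it with the copy received in plain text; the field names and sample sessions are constructed.

```python
"""Flag sessions where the plain-text capability report differs from the
integrity-protected copy obtained after security activation (assumed model)."""

# Hypothetical field names; a real core network exposes these differently.
BOOL_FEATURES = ("mimo", "volte")


def capability_findings(unprotected, protected):
    """Return the differences that indicate the plain-text copy was altered."""
    findings = []
    for feature in BOOL_FEATURES:
        # A feature the device really has, but that was missing in plain text.
        if protected.get(feature) and not unprotected.get(feature):
            findings.append(f"{feature} stripped")
    missing = set(protected.get("bands", ())) - set(unprotected.get("bands", ()))
    if missing:
        findings.append("bands removed: " + ",".join(str(b) for b in sorted(missing)))
    # Power-saving mode: a removed or altered timer keeps an NB-IoT device awake.
    want, got = protected.get("psm_timer_s"), unprotected.get("psm_timer_s")
    if want is not None and got is None:
        findings.append("psm removed")
    elif want is not None and got != want:
        findings.append(f"psm altered: {got} != {want}")
    return findings


def audit(sessions):
    """Map device id -> findings for every session whose two reports differ."""
    report = {}
    for session in sessions:
        found = capability_findings(session["unprotected"], session["protected"])
        if found:
            report[session["device"]] = found
    return report


# Constructed sample sessions (not captured traffic).
SAMPLE_SESSIONS = [
    {"device": "phone-1",
     "unprotected": {"mimo": False, "volte": True, "bands": [1, 3]},
     "protected": {"mimo": True, "volte": True, "bands": [1, 3, 20]}},
    {"device": "meter-7",
     "unprotected": {"bands": [8]},
     "protected": {"bands": [8], "psm_timer_s": 3600}},
    {"device": "router-2",
     "unprotected": {"mimo": True, "bands": [3, 7]},
     "protected": {"mimo": True, "bands": [3, 7]}},
]

if __name__ == "__main__":
    for device, found in audit(SAMPLE_SESSIONS).items():
        print(device, found)
```

A mismatch only shows that the two copies differ, so a finding is a prompt to apply the protected values and investigate the cell the device attached through.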

These vulnerabilities in 5G need to be addressed now before these networks become the standard. With this new information coming to light, steps are now being taken to tackle the problem.