Cyber security of 5G networks

The EU’s cyber security agency ENISA has published “ENISA threat landscape for 5G Networks” report that draws an initial threat landscape and presents an overview of the challenges in the security of 5G networks.

It presents 5G architecture, the identification of important assets, the assessment of threats affecting 5G, the identification of asset exposure and an initial assessment of threat agent motives.

You can download the document from this page:

https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks

There is also a 5G Cybersecurity Hackathon starting in Oulu Finland

https://ultrahack.org/5gcyberhack

Here is my news article on both of those in Finnish
https://www.uusiteknologia.fi/2019/11/29/5g-verkkojen-tietoturvariskit-listattu-oulu-testaa-ongelmat/

33 Comments

  1. Tomi Engdahl says:

    “Economic Minister Peter Altmaier says risk of Huawei transmitting data to Chinese intelligence agencies is no greater than what ‘unreliable’ US has already done”

    German minister and US envoy clash over Huawei’s possible participation in Germany’s 5G network
    https://www.scmp.com/news/world/europe/article/3039320/german-minister-and-us-envoy-clash-over-huaweis-possible

    Reply
  2. Tomi Engdahl says:

    5G hackers: These eight groups will try to break into the networks of tomorrow
    https://www.zdnet.com/article/5g-hackers-these-six-groups-will-try-to-break-into-the-networks-of-tomorrow/

    Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. But there are a few surprises on the list, too.

    Reply
  3. Tomi Engdahl says:

    EU gets a bit STRESSED out about 5G: With great economic benefits come
    great security risks
    https://www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/
    The Council of the European Union has warned member states that the
    introduction of 5G networks poses increased security risks while also
    bringing economic and infrastructure benefits.

    Reply
  4. Tomi Engdahl says:

    How we turned 5G into 5k
    https://medium.com/sensorfu/how-we-turned-5g-into-5k-a8636b549248
    Hacking is a good way to learn and hackathons are a great place to
    learn with other like-minded people. And that was exactly what we had
    in mind when we invited our friends and signed in as a team to the
    first 5G hackathon in the world. We had no preparation or idea what we
    were going to do. After we conquered a table for ourselves to set up
    our base in we quickly found us split between two different
    challenges. Myself and Jukka (with initial help from Jani) took on to
    investigate the cylindrical device Nokia has brought into event.
    Meanwhile Mikko, Ossi and Jani challenged themselves with University
    of Oulu’s 5G hospital

    Reply
  5. Tomi Engdahl says:

    5G Security
    https://www.schneier.com/blog/archives/2020/01/china_isnt_the_.html
    The security risks inherent in Chinese-made 5G networking equipment
    are easy to understand. Because the companies that make the equipment
    are subservient to the Chinese government, they could be forced to
    include backdoors in the hardware or software to give Beijing remote
    access. Eavesdropping is also a risk, although efforts to listen in
    would almost certainly be detectable. More insidious is the

    Reply
  6. Tomi Engdahl says:

    “Chinese, Iranians, North Koreans, and Russians have been breaking into U.S. networks for years without having any control over the hardware, the software, or the companies that produce the devices. (And the U.S. National Security Agency, or NSA, has been breaking into foreign networks for years without having to coerce companies into deliberately adding backdoors.) Nothing in 5G prevents these activities from continuing, even increasing, in the future.”

    5G Security
    https://www.schneier.com/blog/archives/2020/01/china_isnt_the_.html

    Reply
  7. Tomi Engdahl says:

    From SIMjacking to Bad Decisions
    5G Security Threats to Non-Public Networks
    https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/from-esim-jacking-to-fake-news-threats-to-5g-and-security-recommendations?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=1119_5g

    Our latest research explored threats to 5G connectivity — from SIMjacking, identity fraud, fake news, and poisoning machine learning rules to manipulating business decisions — and found that they can be addressed through an identity-based approach to security.

    Risks and Threats to 5G Non-Public Networks (NPN)
    Our latest research explored threats to 5G connectivity — from SIMjacking, IoT identity fraud, false decision engine data and logs, and poisoning machine learning rules for the manipulation of business decisions. We also looked at how these risks and threats can be mitigated and addressed through an identity-based approach to security.

    Reply
  8. Tomi Engdahl says:

    Tässä oli aika hyvin tosta 5G:n turvallisuudesta, Mikko Hyppönen esim varoitti aiemmin IoT-laitteiden turvallisuudesta. ”The same [happened](https://www.wired.com/story/5g-more-secure-4g-except-when-not/) with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.” https://foreignpolicy.com/2020/01/10/5g-china-backdoor-security-problems-united-states-surveillance/

    Reply
  9. Tomi Engdahl says:

    China Isn’t the Only Problem With 5G
    https://foreignpolicy.com/2020/01/10/5g-china-backdoor-security-problems-united-states-surveillance/?fbclid=IwAR1Hxr9o6fW4ExxzWAcZYRnpL7wcMQvPcLmJqUawT6EUtVHGBwdfXe_zoIA

    The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.

    Reply
  10. Tomi Engdahl says:

    https://www.uusiteknologia.fi/2020/01/29/eulta-yhtenaiset-linjaukset-5g-verkkojen-turvaamiseen/

    Euroopan unionissa on valmisteltu yhteiset linjaukset 5G-verkkojen turvallisuudesta. Linjauksilla pyritään myös yhtenäiseen lähestymistapaan 5G-verkkojen turvallisuuteen liittyen kaikissa jäsenvaltioissa. Uuden työkalupakin suositukset on suunnattu ensisijaisesti jäsenvaltioille, teleyrityksille ja laitevalmistajille.

    Reply
  11. Tomi Engdahl says:

    Matina Stevis-Gridneff / New York Times:
    Despite US pressure, the EU told member states they should limit “high risk” 5G vendors, like Huawei, but did not recommend a total ban — The bloc’s experts suggested members limit and monitor the involvement of “high-risk” vendors as they invest in next-generation mobile communications infrastructure.

    https://www.nytimes.com/2020/01/29/world/europe/eu-huawei-5g.html

    Reply
  12. Tomi Engdahl says:

    The Guardian:
    UK government says it will let Huawei build non-core elements of Britain’s 5G network but will ban the company from operating at sensitive sites

    UK Huawei decision appears to avert row with US
    https://www.theguardian.com/technology/2020/jan/28/boris-johnson-gives-green-light-for-huawei-5g-infrastructure-role

    US sources say special relationship too important to jeopardise over Chinese tech firm

    Reply
  13. Tomi Engdahl says:

    UK has chance to relook at Huawei 5G decision, says Pompeo
    https://www.theguardian.com/technology/2020/jan/29/uk-chance-relook-huawei-5g-decision-mike-pompeo

    Secretary of state strikes measured tone but says US still thinks Chinese firm poses risk

    Reply
  14. Tomi Engdahl says:

    The US Is Losing Its Fight Against Huawei
    https://www.wired.com/story/uk-huawei-5g-networks-us/

    The Trump administration has spent years pressuring the UK to ban Chinese giant Huawei. It didn’t work.

    Reply
  15. Tomi Engdahl says:

    EU supports Huawei use in 5G networks in defiance of US
    But calls for restrictions on high-risk suppliers
    https://www.theverge.com/2020/1/29/21113289/european-union-eu-huawei-5g-networks-national-infrastructure-ban-usa

    The European Union has issued a set of guidelines on the use of high-risk vendors like Huawei for building the single market’s 5G networks. Although individual member states will have ultimate control over which equipment they allow in their 5G infrastructure, the European commission has created a “toolbox” of security measures, which it hopes will allow countries across the bloc to coordinate their approaches.

    Although the commission’s guidelines don’t mention it directly, Huawei is the vendor that’s been causing the most concern internationally, with the US arguing in favor of a total ban of the Chinese company’s involvement in 5G infrastructure. Yesterday, the UK decided to allow high-risk vendors such as Huawei in its 5G networks, albeit with restrictions.

    The EU’s guidelines mirror many elements of the UK’s decision.

    Reply
  16. Tomi Engdahl says:

    Secure 5G networks: Commission endorses EU toolbox and sets out next steps
    https://ec.europa.eu/commission/presscorner/detail/en/ip_20_123

    The Commission is today endorsing the joint toolbox of mitigating measures agreed by EU Member States to address security risks related to the rollout of 5G, the fifth-generation of mobile networks. This follows the European Council’s call for a concerted approach to the security of 5G and the ensuing Commission Recommendation of March 2019. Member States have since identified risks and vulnerabilities at national level and published a joint EU risk assessment. Through the toolbox, the Member States are committing to move forward in a joint manner based on an objective assessment of identified risks and proportionate mitigating measures. With its Communication adopted today, the Commission is launching relevant actions within its competence and is calling for key measures to be put in place by 30 April 2020.

    Cybersecurity of 5G networks – EU Toolbox of risk mitigating measures
    https://ec.europa.eu/digital-single-market/en/news/cybersecurity-5g-networks-eu-toolbox-risk-mitigating-measures

    The objectives of this toolbox are to identify a possible common set of measures which are able to mitigate the main cybersecurity risks of 5G networks, and to provide guidance for the selection of measures which should be prioritised in mitigation plans at national and at Union level. It does this in order to create a robust framework of measures with a view to ensure an adequate level of cybersecurity of 5G networks across the EU and coordinated approaches among Member States.

    Reply
  17. Tomi Engdahl says:

    No pan-EU Huawei ban as Commission endorses 5G risk mitigation plan
    https://techcrunch.com/2020/01/29/no-pan-eu-huawei-ban-as-commission-endorses-5g-risk-mitigation-plan/

    The European Commission has endorsed a risk mitigation approach to managing 5G rollouts across the bloc — meaning there will be no pan-EU ban on Huawei. Rather it’s calling for Member States to coordinate and implement a package of “mitigating measures” in a 5G toolbox it announced last October and has endorsed today.

    “Through the toolbox, the Member States are committing to move forward in a joint manner based on an objective assessment of identified risks and proportionate mitigating measures,” it writes in a press release.

    Reply
  18. Tomi Engdahl says:

    Introduction to mobile network intrusions from a mobile phone
    https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276

    With the introduction of the packet service, mobile user equipment (UE) are able to use the IP communication protocol. Without the right routing and filtering of UE communications, some sensitive assets on the operator’s infrastructure could be exposed, such as core network services.
    Mobile operators are generally aware of this kind of attack vector and apply the right mechanisms to avoid any risk from the subscriber context. Nevertheless, those mechanisms are different from an operator to another and their effectiveness varies.

    Reply
  19. Tomi Engdahl says:

    Vodafone to strip Huawei from ‘core’ network at cost of £200m
    Move follows new UK rules and EU guidelines on use of Chinese group’s equipment
    https://www.ft.com/content/b4bbd752-47f0-11ea-aeb3-955839e06441

    Vodafone is to strip Huawei systems out of the core of its European network at a cost of €200m as the European telecoms sector moves to adapt to new limits on use of the Chinese company’s equipment.

    Chief executive Nick Read said on Wednesday the process would take five years because of the complexity of removing systems critical to its network.

    Reply
  20. Tomi Engdahl says:

    Akamai CSO: 5G is a whole new cybersecurity nightmare
    https://www.protocol.com/5g-cybersecurity-akamai

    Andy Ellis, chief security officer at Akamai, says businesses are struggling to protect themselves against connected devices. With 5G, the problem is only going to get worse.

    Reply
  21. Tomi Engdahl says:

    Introduction to mobile network intrusions from a mobile phone
    https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276

    With the introduction of the packet service, mobile user equipment (UE) are able to use the IP communication protocol. Without the right routing and filtering of UE communications, some sensitive assets on the operator’s infrastructure could be exposed, such as core network services.

    Reply
  22. Tomi Engdahl says:

    A lack of protection at the user level leaves LTE and early 5G devices — including IoT and IIoT implementations — vulnerable to attack.

    IMP4GT Vulnerabilities Allow for Impersonation on 4G LTE, Early 5G Cellular Networks
    https://www.hackster.io/news/imp4gt-vulnerabilities-allow-for-impersonation-on-4g-lte-early-5g-cellular-networks-8c2971510f93

    A lack of protection at the user level leaves LTE and early 5G devices — including IoT and IIoT implementations — vulnerable to attack.

    A team of researchers from Ruhr University Bochum and New York University Abu Dhabi have published details of a pair of impersonation attacks in 4G Long Term Evolution (LTE) networks — known as IMP4GT for short.

    While the authentication scheme used in Long Term Evolution (LTE) cellular networks is provably secure, there’s a flaw: A lack of integrity protection at the user, rather than control, level means it’s possible to manipulate and redirect packets.

    “An attacker can book services, for example [to] stream shows,” explains Professor Thorsten Holz from Horst Görtz Institute for IT Security of the vulnerabilities’ impact, “but the owner of the attacked phone would have to pay for them.”

    IMP4GT comes in two variants: An uplink impersonation attack allows the attacker to generate IP traffic which will be associated with the IP address of the target, potentially triggering billing as per Holz’ warning; downlink impersonation, meanwhile, lets an attacker create a TCP/IP connection to a target handset and immediately bypass any IP-level protections in the LTE network.

    In testing, the researchers found that Android handsets were vulnerable to the IMP4GT attacks across both IPv4 and IPv6 networks; Apple’s iOS, meanwhile, proved vulnerable only in IPv6 mode. While tricky to pull off — “the attacker needs to be highly skilled and in close proximity to the victim,” the researchers advise — the attack could potentially spell trouble for high-value Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices which use LTE networks for data transmission.

    The attacks aren’t restricted to LTE networks, though those are its primary target: The researchers found that early 5G network implementations operating in non-standalone mode have the same lack of user-plane integrity protection as LTE; the second-phase standalone rollout, however, implements optional user-plane data integrity protections which block the attacks if enabled.

    Reply
  23. Tomi Engdahl says:

    Mobile Networks Vulnerable to IMP4GT Impersonation Attacks
    https://www.securityweek.com/mobile-networks-vulnerable-imp4gt-impersonation-attacks

    “IMP4GTallows an active radio attacker to establish arbitrary TCP/IP connections to and from the Internet through the victim’s UE. IMP4GTexploits the lack of integrity protection along with ICMP reflection mechanisms. As a result, the attacker can circumvent any authorization, accounting, or firewall mechanism of the provider,” the researchers conclude.

    The researchers, who contacted the GSMA last year to report the discovery, say that all network vendors are equally vulnerable and that their attack works on some 5G networks as well. All devices that connect to an LTE network are affected, including phones, tablets, and appliances.

    The vulnerability could be addressed in the now-rolling-out 5G networks by implementing mandatory user-plane integrity protection, but that would require higher costs for network operators — the additional protection would generate more data during transmission — and the replacing of current mobile phones. Base stations would also need to be expanded.

    https://imp4gt-attacks.net/

    Reply
  24. Tomi Engdahl says:

    Tackling Security Challenges in 5G Networks https://www.enisa.europa.eu/news/enisa-news/tackling-security-challenges-in-5g-networks
    The EU Agency for Cybersecurity (ENISA) proposes good practices for the secure deployment of Network Function Virtualisation (NFV) in 5G networks.. Network Function Virtualisation is a new technology in 5G networks, which offers benefits for telecom operators in terms of flexibility, scalability, costs, and network management. However, this technology also introduces new security challenges.

    Reply
  25. Tomi Engdahl says:

    One of 5Gs Biggest Features Is a Security Minefield https://www.wired.com/story/5g-api-flaws/
    TRUE 5G WIRELESS data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferatescombining expanded speed and bandwidth with low-latency connectionsone of its most touted features is starting to come in to focus. But the upgrade comes with its own raft of potential security exposures. A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where Wi-Fi isn’t practical or available. Individuals may even elect to trade their fiber-optic internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage internet-of-things data are riddled with security vulnerabilities, according to research that will be presented on Wednesday at the Black Hat security conference in Las Vegas.

    Reply
  26. Tomi Engdahl says:

    Attacks on 5G Infrastructure From Users’ Devices https://www.trendmicro.com/en_us/research/23/i/attacks-on-5g-infrastructure-from-users-devices.html

    With the growing spectrum for commercial use, usage and popularization of private 5G networks are on the rise. The manufacturing, defense, ports, energy, logistics, and mining industries are just some of the earliest adopters of these private networks, especially for companies rapidly leaning on the internet of things (IoT) for digitizing production systems and supply chains. Unlike public grids, the cellular infrastructure equipment in private 5G might be owned and operated by the user-enterprise themselves, system integrators, or by carriers. However, given the growing study and exploration of the use of 5G for the development of various technologies, cybercriminals are also looking into exploiting the threats and risks that can be used to intrude into the systems and networks of both users and organizations via this new communication standard. This entry explores how normal user devices can be abused in relation to 5G’s network infrastructure and use cases.

    Reply
  27. Tomi Engdahl says:

    Your Phone’s 5G Connection is Vulnerable to Bypass, DoS Attacks
    Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.
    https://www.darkreading.com/mobile-security/your-phone-s-5g-connection-is-exposed-to-bypass-dos-attacks

    Mobile devices are at risk of wanton data theft and denial of service, thanks to vulnerabilities in 5G technologies.

    At the upcoming Black Hat 2024 in Las Vegas, a team of seven Penn State University researchers will describe how hackers can go beyond sniffing your Internet traffic by literally providing your Internet connection to you. From there, spying, phishing, and plenty more are all on the table.

    It’s a remarkably accessible form of attack, they say, involving commonly overlooked vulnerabilities and equipment you can buy online for a couple of hundred dollars.

    Reply
  28. Tomi Engdahl says:

    Tutkijat onnistuivat rikkomaan 5G-tietoturvan ”täydellisesti” – mahdollistaa monenlaisen haitanteon
    https://muropaketti.com/mobiili/tutkijat-onnistuivat-rikkomaan-5g-tietoturvan-taydellisesti-mahdollistaa-monenlaisen-haitanteon/

    Tieteilijät keksivät keinon vakoilla puhelinliikennettä huijaamalla puhelinta.

    Pennsylvanian valtionylipiston tutkijat löysivät 5G-tekniikkaa käyttävistä älypuhelimista useita tietoturva-aukkoja. Haavoittuvuudet liittyvät lähinnä puhelimien käyttämiin baseband-piireihin, jotka vastaavat puheluiden, tekstiviestien ja tiedonsiirron hallinnasta.

    Tieteilijät kehittivät tutkimustaan varten oman, GitHugista ladattavan analyysityökalunsa nimeltään 5GBaseChecker. Sen avulla he löysivät 12 haavoittuvuutta Samsungin, MediaTekin ja Qualcommin valmistamista piireistä liittyen baseband-haavoittuvuuksiin. Piirejä käytetään ainakin Googlen, Oppon, OnePlussan, Motorolan ja Samsungin puhelimissa.

    Tutkijoiden onnistui huijata uhrien puhelimet liittymään väärennettyyn matkapuhelinmastoon, josta tieteilijät pystyivät tekemään hyökkäyksiä mastoon liittyneisiin puhelimiin. Yksi tutkimuksen toteuttamiseen osallistuneista henkilöistä kuvaili, että 5G-tietoturva rikkoutui täydellisesti, eikä puhelimen käyttäjä voinut havaita hyökkäystä.

    Hyökkäyksen avulla voi esimerkiksi lähettää puhelimen omistajan nimissä tekstiviestejä. Puhelimen voi myös ohjata huijaussivustoille

    5G-yhteyden pystyi tiputtamaan vanhempaan yhteystekniikkaan kuten 4G:hen tai vielä vanhempaan. Se helpotti entisestään ainakin salakuuntelua ja uhrin tekemisten seuraamista.

    Tieteilijät ilmoittivat löytämistään haavoittuvuuksista teknologiayrityksille. Heidän löytämänsä 12 haavoittuvuutta on nyt korjattu, mutta verkko-operaattoreiden täytyy myös asentaa päivitykset.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*