This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
5G Insights: IoT Opportunities, Vulnerabilities
Most of the hype around 5G networks comes from its ability to improve speeds, as well as its potential to support the growing number of Internet of Things (IoT) devices in need of constant and consistent connectivity. However, security vulnerabilities are likely to surface in supply chains and on the network, according to a newly published Cybersecurity and Infrastructure Security Agency (CISA) key findings report.
What Should You Do?
If you’re looking at future in which 5G provides your IoT connectivity, you need to investigate the security efforts of your network provider. Ask questions about its suppliers. What liabilities will the provider accept if any? Look into what your 5G endpoints can implement to compensate for the potential 5G providers security problems.
Here are a few factors to consider:
Supply Chain Vulnerabilities
According to the CISA report, untrusted partners can manipulate 5G products manufactured by trusted suppliers, creating vulnerabilities like counterfeit components or malicious software/hardware. In addition, when a trusted company buys 5G components from overseas production facilities, supply chain risks may crop up.
Compromised devices may provide malicious actors with 5G network access to intercept data that routes through the devices, the CISA researchers went on to say. Even though a U.S. network might appear secure, data traveling across countries may pass through untrusted telecommunication networks. These vulnerabilities will be difficult for enterprises to detect.
Security updates don't guarantee that there will be no more security fixes. An update itself can open a new vulnerability window.
The CISA report highlights that “5G technologies will be … overlaid on the existing 4G Long-Term Evolution (LTE) network that [already have] legacy vulnerabilities.” Security settings, permissions, and specifications from an untrusted core network may block 5G device security.
5G small cell towers will reside on trees, light poles, homes, building corners, and retail shops. This provides more physical access points for malicious behavior, and the ability to intercept data and introduce denial-of-service attacks. According to the report, compromised small cells may produce the capability to clone devices, thereby replicating calls, use data, and add charges.
The report also mentions that untrusted 5G equipment makers are less likely to be involved with interoperability testing. This can make it difficult to ensure that their untrusted products are comparable to those from trusted providers, limiting competition.
Proprietary 5G equipment can be difficult to update and repair. Poor written code can lead to unsupportable software. Limited interoperability between networks can delay or increase the cost deployment.
Again, be sure to talk to your network provider about its 5G network strategy and any concerns you might have.