It is always exciting to hear what technology has in store for us. Take for example the 5G network, it is a fifth-generation cellular network technology that promises faster and more secure connectivity.
But the 5G network is yet to be widely available, it still faces logistical and technical difficulties. However, it’s becoming increasingly available in major cities in the US. And what many people weren’t expecting is that it is not as secure as we thought it was.
A security research team from the University of Iowa and Purdue University has discovered a couple of new 5G flaws. As a result of this, the network is vulnerable to various nasty attacks like location tracking, broadcasting of false emergency alerts, severing the 5G connection of a phone entirely from the network.
A research discovered a dozen flaws in the 5G network
It has been expected that the 5G network will become as important and as prevalent. You would think that organizations such as 3GPP, who are responsible for implementing security protocols set up clear and strong requirements. However, that is not the case according to the research team.
The team claims that in their research paper the 5G protocol “lacks a formal specification and hence is prone to ambiguity and underspecification.” In addition, the team said that the existing standard “often states security and privacy requirements in an abstract way” with conformance test suites encompassing “only primitive security requirements lacking both completeness and the consideration of adversarial environments.”
Various attacks carried out to the 5G network
To prove their point, the team created an “adversarial environment” in the form of a fake malicious radio base station, along with its newly developed tool called 5GReasoner. They have successfully carried out various attacks on a 5G-connected smartphone.
First, a denial-of-service (DoS) attack on the 5G-connected phone from being completely cut off from the rest of the network. In another situation, the phone’s location was also tracked in real-time and logged.
And the scariest of all was the hijacking of the phone’s paging channel to broadcast fake emergency alerts. According to the research team, this could lead to “artificial chaos,” just like when a mistakenly sent alert said that Hawaii was under missile attack from North Korea resulted in complete chaos.
How vulnerable is the 5G network?
The team has wisely agreed not to publicly release the precise methods and code behind their exploits because of the serious nature of these vulnerabilities and how easily the team was able to exploit it.
Furthermore, the research team did notify the GSM Association, but its spokesperson Claire Cranton sounded noncommittal about any future fixes, stating the vulnerabilities are “judged as nil or low-impact in practice.”
One of the co-authors of the research paper, Syed Rafiul Hussain, said in his statement to TechCrunch that most of the security flaws in the existing design can easily be fixed. However, some of the vulnerabilities will require “a reasonable amount of change in the protocol.”