5G Networks Are Coming, So Is A New Set Of Security Vulnerabilities

5G powers the Internet of Things (IoT), supports autonomous vehicles and enables social media apps on your smart fridge. And when employed in the enterprise, 5G could change the way we do business — but it isn’t immune to unique security vulnerabilities.

Lightning-fast download speeds, extended battery life, and support for up to one million device connections are all possible within a private 5G network. Gartner predicts that 66% of organizations will take advantage of these benefits and adopt 5G by 2020 — with 59% of them planning to use 5G to support IoT across their business. In fact, manufacturers like Nokia, Samsung, and Cisco have already kickstarted the development of 5G enterprise solutions or have at least publicly announced plans to do so.

Fully deploying private 5G networks at an enterprise level will take time, considerable investment and significant upgrades to legacy network infrastructures. However, as efforts ramp up, it’s not unusual to see some devices within the enterprise already operating on a 5G network: from workplace automation tools to personal mobile devices. However, using IoT devices without a private 5G network or adequate technical knowledge could put organizations’ and their employees’ privacy at risk.

With more capabilities comes more vulnerabilities

The burgeoning popularity and increased adoption of IoT-supported devices is ushering in a new era of modern personal and professional productivity — while at the same time opening the door to a range of network security consequences: harassment, stalking, employee monitoring, commercial profiling, etc. Already, researchers have identified flaws in 5G networks that allow for the interception of phone calls and the tracking of device users.

Even before 5G networks and the IoT, users were vulnerable to identification and tracking by both their service providers and malicious third parties. The difference is, however, that 5G networks support devices with far greater capabilities than their predecessors. With such a large number of 5G-capable devices connected within an enterprise, it would be far too easy for a single vulnerability to reveal trade secrets and corporate data to a malicious competitor. Outside of an enterprise perspective, IoT devices such as home climate systems and smart baby monitors make the most intimate details of users’ private lives vulnerable to exposure. And as more and more devices are given 5G capabilities and connecting to a 5G network, more malicious actors will be interested in trying to access the information within them — whether that’s sensitive company data or that of a private citizen.

For these reasons, the third generation partnership project or 3GPP (a standards organization developing protocols for mobile devices) included the following standard features as device user privacy requirements: User identity confidentiality, user location confidentiality, and user un-traceability. These protections make it impossible for someone to match user data to a specific user identity.

When it comes to security, every component of the 5G ecosystem (the network, the device and the SIM card) must do its part to guarantee the security of the technology as a whole. But as it stands, there’s only one piece that can be used to secure 5G networks according to all of 3GPP’s standards — and that’s the SIM card.

Future-proof devices with encrypted SIMs

The subscriber identification module (SIM) card contains unique information used to identify the user and authenticates devices as they travel across the network. While devices use SIM cards regardless of network, the ideal 5G SIM model is different: It encrypts its data using the subscription concealed identifier (SUCI).

At its core, the SUCI makes it impossible for those without the decryption key to see who the user is, find their location or trace how they are using the network. Only the 5G network has the decryption key and is capable of identifying the subscriber. This approach can preserve subscribers’ privacy across the board, from mobile devices to smart appliances. Solid, secure encryption also prevents bad actors from making connections among a web of IoT devices used by the same employee, organization or household.

However, using a 3GPP-approved SIM is up to the discretion of the service provider. So, this is where enterprises and private users alike must be diligent about their privacy, understanding which protocols to look out for in order to prevent their sensitive data from falling into the wrong hands.

Trying to access user information through illicit means is not unique to 5G networks — it’s something that has plagued all generations of network communication. But with increasingly intimate and minute user details becoming available on the IoT, enterprises and private citizens alike must intelligently evaluate their 5G networks and the devices on which they access it. The capabilities of 5G networks promise a better environment for a more interconnected and productive world, but only when the information that flows through it remains secure and encrypted.-Toolbox