5G vs 4G: Rise of the Attacks
When people talk about 5G, the first (and mostly the only) thing they think about is the higher throughput they will get on their mobile handset. That's one part of it: 5G aims to deliver throughput in the tens of Gbps to each subscriber.
What mostly flies under the radar is that 5G works differently under the hood compared to 4G and previous generations. Case in point: it has been a hot topic in discussions of critical infrastructure security.
If you are interested in 5G security, here are some things you can start thinking about when considering where 5G can get compromised:
Mobile Edge Computing
5G brings forward some interesting use cases such as IoT, Critical Services, Self-driving cars and others. In order to realise these use cases, we need to reduce the latency (and cost) of data crossing the service provider's network. The solution: move the data and processing power closer to the endpoints. This is great for the service, but it also means that the data and workloads are distributed and need protection wherever they are located. This is a new place for malicious attackers to start compromising your 5G network.
Throughput
Throughput doesn't usually jump out as an attack surface, but security does include the availability of the service, and being able to bring it down by sheer brute force (i.e. DDoS attacks) is something that security professionals all over lose sleep over. As such, the ability of each subscriber (a mobile handset, an IoT device, basically anything you want to connect to 5G) to reach double-digit Gbps throughput can be used against services to bring them down with an insider DDoS attack. This needs to be considered because services won't be able to scale infinitely, and because most Service Providers start their DDoS protection service from the outside in, which doesn't cover this attack.
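The check this section calls for, as an added example that is not part of the original post: it sums per-service load from constructed flow summaries and flags services that are over capacity while the internet-facing view alone stays under it. The zone labels, service names, capacities and window length are all assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 10  # length of the measurement window (assumed)

# Constructed flow summaries for one window, not real traffic:
# (source zone, source id, destination service, bytes sent in the window)
FLOWS = [
    ("internet",   "peer-a",  "video-api",   2_500_000_000),
    ("subscriber", "sub-001", "video-api",  15_000_000_000),
    ("subscriber", "sub-002", "video-api",  15_000_000_000),
    ("subscriber", "sub-003", "video-api",  12_500_000_000),
    ("subscriber", "sub-004", "video-api",  10_000_000_000),
    ("internet",   "peer-b",  "iot-broker",  1_250_000_000),
    ("subscriber", "sub-005", "iot-broker",  2_500_000_000),
]

# Hypothetical per-service capacity in Gbps.
CAPACITY_GBPS = {"video-api": 40.0, "iot-broker": 10.0}

def gbps(byte_count, seconds=WINDOW_SECONDS):
    """Convert a byte count over the window into Gbps."""
    return byte_count * 8 / seconds / 1e9

def load_by_zone(flows):
    """Return {service: {zone: Gbps}} summed over all sources."""
    load = defaultdict(lambda: defaultdict(float))
    for zone, _src, service, byte_count in flows:
        load[service][zone] += gbps(byte_count)
    return load

def inside_out_overloads(flows, capacity):
    """Services whose total load exceeds capacity while the internet-sourced
    share alone does not: overloads an outside-in DDoS service would miss."""
    findings = []
    for service, zones in load_by_zone(flows).items():
        total = sum(zones.values())
        edge_view = zones.get("internet", 0.0)
        if total > capacity[service] and edge_view <= capacity[service]:
            subs = [(gbps(b), s) for z, s, svc, b in flows
                    if svc == service and z == "subscriber"]
            top = sorted(subs, key=lambda t: (-t[0], t[1]))[:3]
            findings.append({"service": service, "total_gbps": total,
                             "edge_gbps": edge_view,
                             "top_sources": [s for _, s in top]})
    return findings

if __name__ == "__main__":
    for finding in inside_out_overloads(FLOWS, CAPACITY_GBPS):
        print(finding)
```

In the constructed window, four subscribers at 8 to 12 Gbps each push one service past its assumed 40 Gbps capacity while the internet edge sees only 2 Gbps.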
Disaggregation and Microservices
Virtualization is mandated in the 5G world. This means that when building a 5G core, you need to follow a microservices architecture (a broad topic in itself). Each function in the network core runs as a standalone virtual function, and these functions could potentially come from several vendors. This also applies to the separation between control and forwarding. What does that mean? It means that an attack surface exists in the gaps between the different functions / vendors. The operator needs to have visibility and the ability to segment the different functions of the network.
API Access
5G moves to REST APIs for communication between the components, so it makes sense to expose a northbound API for the provider and/or trusted entities to be able to create their own network services on demand. This lets applications (hopefully ones that we trust) interact programmatically with the 5G core. With this power comes the need to secure this API against misuse.
The above is by no means an exhaustive list of the 5G attack surface. Did I miss any major attack surface? Please let me know.