5G: The look back can overshadow the look ahead

Despite all the obstacles 5G offers massive benefits. It’s unfortunate that while the future shows so much promise, the past remains a serious threat.

When it comes to 5G, there are some strange contradictions at work.

 

First, there’s obviously a lot going on. Even a cursory search for news about this huge shift yields millions of hits: We learn about advances in latency and battery life, the rise of new cell towers and how they affect local communities, competitive differences between telecom conglomerates, and even a few oddball conspiracy theories. We’re seeing new capabilities and being promised many more. It’s not just a new technology foundation, it’s a whole new world.

 

But then, we see a lot that isn’t changing. That’s a problem.

 

Most importantly, let’s understand that we won’t reach full-force 5G until we’ve left behind 4G, 3G and 2G—and that isn’t happening anytime soon.

 

On the one hand, this is not unusual—many new implementations have to contend with legacy issues long after launch. However, as with so many aspects of 5G, the sheer scale of challenges associated with migration to 5G is significant.

 

Despite the perception of cutting-edge technologies being deployed everywhere, many network operators still rely on older solutions. It’s often a complicated crossover: User devices might connect to 5G for data transfer, then switch to 4G or even 2G/3G for voice calls and SMS.Similarly, some widely adopted features in 4G, such as text messaging and establishing call connections, still depend heavily depend on 2G/3G systems. In fact, it’s estimated that the number of 3G users won’t go down much until 2025. And as bad as that sounds, the problems go deeper.

 

Consider SS7, the set of protocols that govern the exchange of signaling messages. It dates back to 1975—ancient history by any technology measure—yet it’s common in 2G and 3G networks even today. At the time of its birth, only fixed-line operators had access to networks. Now, because SS7 is no longer isolated, multiple research initiatives from Positive Technologies show how it can be accessed by both legitimate operators and those with malicious intent. There are also architectural issues that can be exploited to spy on calls, intercept SMS messages, and instigate many forms of fraud.

 

Those dangers don’t go away with the 5G overlap. In fact, given the importance of any weak link, attackers will be able to leverage SS7 vulnerabilities as long as operators continue to implement the older GSM (2G) and UMTS (3G) standards. There are more recent incarnations such as the Diameter (which still dates back to the last century). However, these still have to connect with previous-generation networks, which means the vulnerabilities remain.

 

And finally, there’s the GTP protocol, which issued to carry general-packet radio service (GPRS) within GSM, UMTS and LTE networks (it’s impossible to describe telecom issues without drowning in jargon). This also contains vulnerabilities that endanger both operators and their clients. Looking more broadly, attackers can interfere with network equipment and leave an entire city without communications, impersonate users to access various resources, and use network services at the expense of the operator or subscribers.

 

Positive Technologies conducted security assessments on behalf of 28 telecom operators in Europe, Asia, Africa and South America, and every network tested was found to be vulnerable to DoS, impersonation, and fraud. And while the fear of sophisticated cybercriminals is understandably paramount, some attacks can be managed with nothing more than a cell phone. And again, GTP security issues won’t go away completely even after adopting 5G Standalone.

 

The defenses currently in place are clearly insufficient, and configuration errors made by operators exacerbate the problem. There are no easy fixes, but there are paths forward.

 

First, security must be a priority during network design—factoring it in later adds to the complexity and cost. There are also newer, purpose-built security solutions that strengthen defenses. Finally, the GSMA has made security recommendations, particularly ongoing monitoring and analysis of signaling traffic to detect potential threats. These are eminently sensible and can be achieved with threat detection systems.

 

Despite all the obstacles, and there are more, 5G offers massive benefits. It’s unfortunate that while the future shows so much promise, the past remains a serious threat.

https://cio.economictimes.indiatimes.com/tech-talk/5g-the-look-back-can-overshadow-the-look-ahead/5027