The Risks to 5G IoT: Preparing for the Next Generation of Cybersecurity Threats
By Mihai Voicu
January 14, 2021
By Mihai Voicu
January 14, 2021
The brave new world of 5G promises to bring unprecedented speed and scale to IoT operations and comes with a new generation of security threats. 5G IoT services will no longer neatly fit into the traditional security models optimized for 4G LTE cellular, and the combination of higher bandwidth, more softwarized network functionalities and more connected devices could pose additional risks.
Security experts warn of threats to the 5G IoT environment, such as advanced persistent threats and web application layer vulnerabilities. The vast distribution of decentralized, small-cell networks 5G IoT requires will make it a challenge to keep each system updated and capable of meeting rapidly evolving cyberattacks.
With many more IoT devices connected in the near future — at least one million per square kilometer by some estimates — the attack surface will significantly expand.
Botnets, network-level attacks and other malicious activities present a complicated security picture with sophisticated, mutable attacks. Top concerns include attacks on radio interfaces, signaling plane, user plane (UPF), masquerading, replay, bidding down and man-in-the-middle.
Researchers warn that the proliferation of data traffic and mobile IoT connectivity comes with a significant amount of risk that should be addressed by the telecom industry before 5G is deployed on a large scale.
Most importantly, 5G security must be by design — built-in as an integral part of the system architecture.
To ensure optimal security for IoT deployments, designers must anticipate and prepare for threats, building effective security features into the design of 5G networks rather than attempting to address issues as they arise. A few of the most critical security challenges for IoT on 5G include:
Many of the recommendations for managing 5G security threats are the same as those for managing threats to current networks.
These include using firewalls, conducting routine malware scans, monitoring DNS activity and making threat intelligence a top concern at all times — not to mention training employees on new technology to prevent attacks dependent on human error.
While established practices will still hold value, the new use cases of 5G in IoT applications will create new threats that require smarter solutions. Linked devices, machines, wearables, drones, city infrastructure and autonomous vehicles will store and transmit sensitive personal data on a scale that will be difficult to secure.
As the European Union Agency for Network and Information Security (ENISA) warns, 5G may be vulnerable in part because current signaling protocols (SS7) developed for 2G, 3G and 4G networks may be critically insecure. Updating and securing these protocols will go a long way toward increasing the cybersecurity of 5G networks.
Another threat to 5G networks is the large amount of data stored in the cloud rather than on more secure local servers. The data gathered by IoT devices contribute to a vastly expanded attack surface.
Ultimately, security experts are hopeful that the complex security landscape of 5G can be met with the increasing complexity of AI, machine learning and automation.
By harvesting massive amounts of data from tens of billions of connected devices, AI and machine learning systems can evolve alongside the threat matrix, learning to detect and neutralize threats before compromising critical systems and putting lives and sensitive data at risk.
Despite these challenges, the coming shift to 5G networks promises to offer companies a powerful new tool capable of powering faster, broader IoT deployments.
Editor’s Note: This blog was originally published on 15 May 2019 and has since been updated.