Skip to main content

Navigating the 5G fast lane: the sophisticated hackers of today will look to capitalise on any weaknesses they can

(Image credit: Image Credit: Supparsorn / Shutterstock)

5G may just be the biggest thing to happen to the number 5 since the Jacksons.

Over the last two decades, the transition from 2G to 3G, and 3G to 4G, has laid the foundations for a completely connected world. 2019 is finally the year we begin the mass rollout of 5G, and it’s set to disrupt both the way we do business and the way we live our daily lives.

5G everywhere

With average mobile download speeds promised at around 1Gbps, 5G networks will provide the infrastructure needed to greatly enhance the mobile experience for consumers and how they interact with data. EE recently became the first UK carrier to launch its 5G network, switching it on in six cities across the country in May 2019. It has promised to bring 5G to 10 further cities by the end of this year. Then at the start of July, Vodafone launched 5G in seven cities, with a total of 19 locations set to be covered by the end of the year. Meanwhile, O2 and Three have also committed to launching their 5G networks in 2019.

Currently, devices in a given area generally connect to one macro cell tower. A key aspect of the 5G rollout is the deployment of smaller cells across an area – for example, on top of lamp posts, in homes, and at bus stops. In this way, 5G will enable more devices to connect at blazing speeds, including passing cars, smart homes, mobile handsets, weather sensors and much, much more. However, the infrastructure to wire all these smaller cells together has yet to be built. There are still details to be worked out, for example, on how 5G will be delivered into many people’s homes.

Securing the network

In this race to get 5G to the masses, there is another hurdle that must not be overlooked: the security of our networks. The importance of security in nearly every 5G use case cannot be understated. Having been built on the LTE security model, 5G has a good security foundation, but there are unique challenges inherent with this new technology for which security solutions are not yet agreed.

And although the security solutions are still being debated in the public sphere, the recognition of its importance comes from the very highest levels. The National Infrastructure Commission recently stated that securing mobile networks is “necessary to put the UK at the forefront of this emerging technology” and “critical to the growth of our economy”. The UK Government has also announced funding that aims to bolster 5G security, with “£10 million to create facilities where the security of 5G networks can be tested and proven, working with the National Cyber Security Centre”.

One of the unique challenges industry leaders are facing is around local networks. Many of the IoT use cases for 5G call for machine-to-machine direct communication within a local area — for instance, a network of autonomous vehicles exchanging information about speed, position, road conditions and more. This type of peer-to-peer communication is typically not part of how carriers like EE run their mobile data networks and so new solutions need to be found and implemented.

Speed vs authentication

Add to the peer-to-peer challenge the idea that IoT devices will need to be able to quickly authenticate themselves and have a way to encrypt data without impeding latency. Low latency is an integral aspect of 5G, essentially allowing for real-time feedback. An interesting example of this is a surgeon operating a scalpel with microscopic accuracy using robots in a completely remote location. Increase the latency and the surgeon will experience a lag between their input and the robot’s actions; the process falls apart and the surgeon cannot do the work in any meaningful way.

Keeping networks such as these secure raises more questions still. The simple fact that there will be a huge increase in the number of devices attached to a network will make them harder to secure. How do you protect the sensitive data that travels through sensors and other IoT devices that are small, simple and not always capable of complex computational tasks like strong encryption? What about when an endpoint you are communicating with is out of your control? Currently, many LTE deployments rely on over-the-top encryption by the browser or mobile app (such as HTTPS) to ensure end-to-end data integrity and privacy. This may not be an option for many 5G use cases.

Security vulnerabilities can lead to data being accessed at various points along the journey. Sophisticated hackers of today will look to capitalise on any weaknesses they can; if this means exploiting software, they will do so. If it means acquiring sensitive information from people directly, they will use social engineering to do so. An even bigger worry is the potential disruption to the intelligent networks required to power crucial technologies such as self-driving cars, smart buildings, and power networks.

This is why it is so important to elevate security to one of the core values of any use case for 5G. Building security in from the start and educating employees on best practice will go a considerable way to combatting security issues from the outset. Reacting to an issue once it’s already happened can have serious consequences for not only businesses, but – as data is often personal, and identifiable – can impact people’s lives.

The privacy imperative

Perhaps the most publicised – and potentially most serious – 5G privacy concern is in the carrier equipment that may be used to build out the networks. Most businesses have little influence over this issue. But they do need to focus on what they can do to alleviate the considerable privacy concern among today’s consumers.

Be clear on what you are doing with people’s data and help educate users on how they can have more control and manage that themselves. The general public has become savvier about how their data is being collected and used by companies, yet this has failed to alleviate concerns over online privacy. According to research conducted by PwC, 85 per cent of consumers say cybersecurity and privacy risks are among the biggest risks facing society. They also say the onus is on businesses to be proactive when it comes to data protection, highlighting just how imperative it is for businesses to implement a security plan early, and implement it effectively.

Where necessary, businesses should be delaying gratification of the enhanced mobile broadband experience of 5G to prioritise security. Racing through deployment without careful consideration and planning of security may result in missing the 5-star experience 5G has been hyped up to be.

Michael Mosher, Head of Global Security, OpenMarket

Michael Mosher is a former US Secretary of State bodyguard and head of protective services. A recognised leader in the telecommunications industry, he leads OpenMarket’s security and privacy arm.