US intelligence agencies warn about 5G weaknesses that pose a cybersecurity threat due to improper implementation of telecom standards, supply chain threats, and weakness in systems architecture. These weaknesses in 5G networks can make them potential targets to be exploited by hackers and nation-state adversaries.
On Monday the US National Security Agency (NSA) in collaboration with the Office of the Director of National Intelligence (ODN) and Department of Homeland Security(DHS), Cybersecurity and Infrastructure Security published an analysis that focuses on identifying and assessing risks and vulnerabilities introduced by the adoption of 5G.
The report stated, “As new 5G policies and standards are released, there remains the potential for threats that impact the end-user. For example, nation-states may attempt to exert undue influence on standards that benefit their proprietary technologies and limit customers’ choices to use other equipment or software.”
Further, the reports also mention the influence of adversarial nations on the development of technical standards. This may pave the way for adopting proprietary technologies that are untrusted, leading to equipment that may be difficult to update, repair, and replace. Additionally, the optional security controls are masked into the telecommunications protocols, this may not be implemented by the network operators, though may leave an open door that bad actors can exploit.
NSA, ODNI, and CISA are also concerned about the supply chain. Since the components are procured from third-party vendors, suppliers, and service providers it can lead to the production of counterfeit or compromised security flaws and malware injected in the early stages of development. Again enabling threat actors to exploit the vulnerabilities later on.
According to the analysis, “Compromised counterfeit components could enable a malicious actor to impact the confidentiality, integrity, or availability of data that travels through the devices and to move laterally to other more sensitive parts of the network”
Malicious code can also be purposely added to a module delivered to target users either by infecting the source code repository or hijacking the distribution channel, a form of software supply chain attack. This will again have unaware customers deploy the compromised components into their networks.
The 5G architecture has weaknesses leading to bad actors exploiting it to carry out a variety of attacks.
5G Weaknesses in Architecture
- Lacks 4G legacy communications infrastructure, comes with its own set of inherent shortcomings which can be exploited.
- Improper slice management could permit adversaries to obtain data from different slices and even disrupt access to subscribers.
Earlier in March 2021, AdativeMobile published its findings, security flaws in the slicing model can be repurposed to allow data access. Allowing threat actors to carry out DDOS attacks between different network slices on a mobile operator’s 5G network.