Mobileum Blog

5G Ecosystem Security Analysis: 6 Threats to Watch For

Written by Imran Saleem | 07/06/2023

 

Unlike previous generations of networks, 5G introduces a new enterprise-oriented architecture that relies upon IT and cloud technologiesWhile this ‘dev-ops’ mindset has been considered standard protocol in the business realm for many years now, it’s a completely different way of working - and thinking - for telcosEnterprises benefit from having the processes, people, and technologies in place to understand and work effectively in this environment, and now mobile network operators are playing catch-up.  

As telcos shift towards this IT-based infrastructure, they are realizing that the ‘attack surface’ that surrounds their services is growing larger by the day. The recent attacks on Dish Telecom and others are a case in point. It’s high time to take a fresh look at how to manage these new vulnerabilities and build appropriate security standards for enhancing governance, risk, and compliance in ways that allow operators to better manage their transition to more modern, next-generation wireless networks.  

The Benefits of a Service-Based Architecture Create New Avenues for Risk 

The introduction of 5G created the need for a new way of architecting mobile networks.  Service-Based Architectures (SBA) have been the answer. Modern network architecture is necessary for operators that want to deliver the ultra-high speed and low latency services required for real-time applications, edge computing, and connecting billions of IoT (Internet of Things) devices. But beware - it will not be long until adversaries find the tools, people, and expertise to target this new telco arena for their own benefit. All Mobile Network Operators should be on high alert. They must make it a priority to design and implement the proper security protocols if they want to avoid putting the very foundation of their business at risk. 

Service Based Architectures are built upon a modular framework from which common applications can be deployed using components of varying sources and suppliers.  Think of it as ‘plug and play’ – everything easily works together and can be added or modified without impacting the other components. This enables 5G networks to become more adaptable and customizable. Individual services can be provided by different vendors and operated independently - with no impact on other services. They can also be deployed on an as-needed basis.  Greater system automation, reduced time to market, lower cost of ownership, and enhanced operational efficiencies are all benefits of this new service-based approach.  

SBA Vulnerabilities: 

But all is not roses and sunshine when it comes to SBA. These architectural changes and adaptations have introduced new challenges and potential risk areas that have a direct impact on some of the very things that make 5G so compelling, such as network slicing, Open APIs, and interconnect traffic.   

Below are six common 5G vulnerabilities to watch for: 

1. OAuth2.0 security risks. ‘Open Authorization’ is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. These threats are primarily on the client/server side, are token-based, and are already well-known to the industry, but IT teams still need to be on the lookout. 

2. API-based weaknesses can create a whole host of security threats, including Injection Flaws. This is where an attacker can trick the ‘interpreter’ into executing unintended commands or accessing data without proper authorization. You can find more listed in OWASP (Open Web Application Security Project).

3. JSON Web Token (JWT)-based vulnerabilities have a similar effect as API weaknesses. Risks include JWT tokens being stolen, along with ‘fuzzing’ of data in the header or payload section, token tampering, and a few other potential risk areas. 

4. Slow read DDoS attack involves an attacker sending a legitimate HTTP request to a server, but then reading the response as slow as one byte at a time. This prevents the server from getting an idle connection timeout.
5. HPACK bombs are where an attacker uses seemingly small messages that then expand dramatically and force the target to allocate gigabytes of memory, slowing down response times.

6. Stream multiplexing abuse is where attackers leverage flaws in the way servers implement stream multiplexing to cause denial of service.

All the gaps and weaknesses listed above can and will directly impact 5G networks, but operators need to be aware that the full threat and potential impacts are still being assessed. It’s worth noting that Mobileum’s security research team disclosed several high-risk vulnerabilities in the past. These disclosures led to operators losing revenue who heeded the warnings and took the appropriate precautions. One of these vulnerabilities is related to 5G and is covered extensively in our recently released research paper, OAuth2.0 Security and Protocol Exploit Analysis of the 5G Ecosystem. This vulnerability was also submitted to the GSMA CVD (Coordinated Vulnerability Disclosure) program (CVD 2022-0063) and was accepted by the panel of experts and acknowledged in their “Hall of Fame”. 3GPP endorsed the vulnerability and proposed enhancement in release 18 in response to the LS sent through GSMA. 

To learn more about potential 5G vulnerabilities and what you need to do to protect your network and your subscribers, download the full research paper, or contact us today.