A host of security flaws discovered in 5G technology that include enabling a victim’s real-time location to be tracked are a “serious” cause for concern, prompting experts to call for “urgent” fixes.
The flaws, which were discovered by researchers at Purdue University and the University of Iowa, consist of around ten security vulnerabilities within 5G technology that could be taken advantage of by hackers.
Among the capabilities the 5G security flaws give to would-be attackers are the ability to spoof emergency alerts, silently disconnect a phone from the network or track a target’s real-time location. And it is these that have caused the strongest reaction among the cybersecurity industry.
“In my opinion, this is serious threat as it allows for location tracking to potentially be used discrediting an individual based on location, track and intercept, as well as disconnect your phone at a time of need,” said Oliver Pinson-Roxburgh, managing director at Bulletproof.
“This is especially worrying for high-profile individuals, and is a really scary threat that needs to be addressed.”
5G security flaws put drones and driverless cars at risk
The security flaws don’t just have implications for the technology’s use in phones.
The speed and low latency of 5G makes the technology vital to a host of emerging technologies, including driverless cars, drones and urban air mobility solutions, where the ability to track and suddenly cut off network access could be devastating.
“As 5G is designed for commercial use, we will no doubt see it being used in the automotive space, as many cars these days have mobile devices inbuilt and the speed of 5G better suites this use case,” said Pinson-Roxburgh.
“Thus, if not fixed, this could allow attackers to detect if you are in transit or target drones using the technology.”
“We’re already hearing about literally life-threatening services around autonomous vehicles or remote surgery going over 5G, and that’s scary in a world where confidentially, integrity and availability can’t be guaranteed,” added Sam Curry, chief security officer at Cybereason.
Don’t panic, fix
While the flaws are a cause for concern, experts have been quick to highlight that this shouldn’t be a reason to not use the technology – instead, it should be a reason to patch the vulnerabilities urgently.
“5G has massive promise but is a new technology. Whenever a new technology arrives, we will always see a massive spike with risk and then we learn to compensate and fit it into what we do,” said Curry.
“Security should not be the ‘department of no’ but should instead become the ‘department of yes’ and where we show the way forward to being connected and resilient. Brakes are not put on a car to stop it; they are on a car to let it confidently go really fast.”
For 5G providers, then, the message is to take action now before the technology becomes widespread.
“5G providers should take the necessary steps to secure any weaknesses that could undermine 5G security and privacy protections and put users at risk,” said Robert Ramsden-Board, VP EMEA at Securonix.
“5G is such a dramatic increase that any vulnerability has massive implications, and the fact that many 4G resources can be upgraded, so-to-speak, makes this even more urgent. It’s also worth noting that some countries, like Switzerland, have slowed or stopped the 5G rollout pending more understanding of the security impact, especially around critical infrastructure,” added Curry.
“Everyone is already at risk to some degree, but that’s no excuse to make things worse. Security isn’t about just finding flaws though. We have to first ensure, like doctors, that we collectively don’t make things worse. While location can be tracked in many ways, we shouldn’t make it easier or cheaper collectively. Then we have a responsibility to fix it!”