Your company’s mobile device security has always been of utmost importance, but if you’ve been slacking, now is the time to get a solid mobile security plan into place. As we get closer to the full integration of 5G protocol, tech leaders are becoming more and more concerned with several security issues that have been identified and are yet to be addressed. Surely, you’ve seen it in the news, but what exactly does this mean for your company’s mobile device security?
5G networks are already rolling out in major cities across the globe, and as they go, they’ve been facing certain technical issues. Many would argue that these challenges should have been expected, given the approach of such a bold introduction. As cities go online, experts have found nearly a dozen new and unexpected vulnerabilities within the 5G network that have further complicated the rollout.
Complications are Inevitable as Technology Advances
Certain complications are inevitable when it comes to any key moment in technological advancement. We create, we learn, and we modify as needed. That’s how IT works and how it has evolved to be what it is today. It’s the timing here, however, that’s the issue, as many major cities have already gone live, exposing them and their users to these unforeseen security risks.
Researchers recently presented detailed findings of at least 11 new design issues found within the 5G protocols. These design flaws include putting user location at risk, call, text, and browser history tracking, running up wireless bills, and downgrading user service to old mobile data networks, among others. For users, all of this raises concerns over snooping and personal privacy.
Vulnerabilities May Be Lingering
Researchers also found 5G vulnerabilities that carried over from 3 and 4G networks that were never resolved leading experts rushing to correct these flaws with time running out as rollout continues world-wide. 5G networks carried over many of the same security features found in previous generations. This means that the latest 5G networks inherited their flaws, with perhaps, the extent yet to be revealed, as all 5G features, both new and old, have yet to undergo extensive security evaluation.
5G networks were designed to protect phone identifiers that prevent tracking and targeted security attacks. Some of the flaws being found, however, include downgrade attacks. When these happen, user devices are automatically bumped down to 4G or their service is limited. The data is then left vulnerable and forced to send users’ unencrypted IMSI number (the unique international mobile subscriber identity number associated with Global System for Mobile Communications) out, defeating the purpose of the new 5G protection protocols. More and more networks are using an alternative ID, a Temporary Mobile Subscriber Identity, that regularly changes in order to hinder tracking, but this too has been found to have override capabilities that result in device tracking.
In addition to tracking issues, researchers are also finding flaws in basic device registration and deregistration, as well as paging, the function that notifies users of incoming texts and calls. The vulnerability here is that cyber hackers can easily gain information through “replay” attacks which repeatedly send the same message or command and run up a target’s mobile bill.
All findings are now under review with experts taking appropriate measures to quickly correct all vulnerabilities and flaws as the rollout continues to make headway across the globe. However, there is no way yet to tell if more issues, especially those dealing in the serious nature of location tracking and network downgrading, will be revealed in time.
For now, researchers continue to be diligent, carefully scrutinizing and going through the necessary security and testing processes to ensure that the 5G standard will ultimately protect users. As the eagerly awaiting audience to this latest technology, all of this means that we must remain aware of such possible security threats, and stay educated on the progress of these findings so that we, as a community, can continue to demand the highest standard of quality and protection necessary to operate within our global society.
Are you concerned about your company’s mobile device security? If so, contact a member of the Realnets team to request a consultation.