Deployment of 5G might not bolster IoT Security

398

Last year, US President Donald Trump announced that his government would like to nationalize the next generation 5G wireless networks in a bid to guard against competitive and Cybersecurity threats from nations like Russia, North Korea and from mainly China.

The Federal Communications Commission of United States has also confirmed that the move will help in curbing cyber threats of any range in future and will bolster the security of the Internet of Things (IoT).

But security experts from the European Union Agency for Network and Information Security aka ENSIA( shortly) have warned that the certain flaws in the existing mobile networks like 2G, 3G and 4G will find their way back into 5G networks too.

In a report published by ENSIA on Thursday last week, it was revealed that known flaws in SS7 and Diameter, the signaling protocols used in 2G, 3G and 4G could also be present in the architecture of 5G network which could allow traffic to be eavesdropped or spoofed along with the interception of the location, which could prove fatal to the security of IoT.

Some hackers from Africa have been found exploiting the SS7 signaling protocol used in 2G and 3G networks to intercept or divert text message sent via SMS. They have been doing this in the case of 2-factor authentication, spoofing users by fraudulent means.

ENISA notes that several users from German banks have seen their accounts get drained due to funds when the fraudsters tricked them with a fake mobile one-time password.

In recent times, researchers have also demonstrated DDoS attacks on 4G networks using the diameter signaling protocol, allowing a user/s mobile devices get temporarily or permanently disconnected from the mobile service provider’s network.

Thus, if the 5G networks use the same protocols along with others, the future of securing IoT would fall into jeopardy.

As the governments of certain European nations are planning to roll out 5G networks ahead of the US and some Asian countries, it would be interesting to find the impact of the ENISA report on their plans.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security