Improper telecommunications standard implementation, supply chain concerns, and gaps in system architecture might offer significant cyber security vulnerabilities to 5G networks, making them a possible target for cybercriminals and state-sponsored APT organizations.
The US National Security Agency issued the report-POTENTIAL THREAT VECTORS TO 5G INFRASTRUCTURE-on 10.05.2021, with the goal of identifying and assessing the risks and vulnerabilities produced by the adoption of 5G. (NSA), in collaboration with the Office of the Director of National Intelligence (ODNI), the Department of Homeland Security (DHS), and the Agency for Cyber Security and Infrastructure Security (CISA).
The research cites an unjustified influence on the part of governments in the formulation of technical standards, which could pave the way for the adoption of untrustworthy technologies/equipment that is difficult to upgrade, repair, and replace. It is also concerning that optional security protections provided in telecommunications protocols may be vulnerable if they are not applied by telecommunications operators.
The supply chain is a second source of concern, according to US intelligence services. Components and services purchased from third-party vendors may be counterfeited or compromised. They may include security flaws or malware injected during the development process, allowing criminal actors to exploit the flaws at a later stage.
According to the investigation, counterfeit/compromise components could allow a hostile actor to compromise the confidentiality, integrity, or availability of data throughout the network before using lateral movement tactics to obtain access to more sensitive network components/information. In addition, a cyber attack on the software supply chain that infects the source code or hijacks its distribution channel would allow compromised components to be implemented at the level of consumer networks.
Finally, the flaws in the 5G architecture could be leveraged as a jumping off point for a variety of cyber assaults. The biggest one is the necessity to support the outdated 4G communications infrastructure, which has its own set of intrinsic flaws that hostile actors can exploit. Another issue is the ineffective management of network slicing, a virtualization technology that could allow attackers to get critical data and potentially disrupt subscriber access.
According to a study published in March 2021 by AdaptiveMobile specialists, existing security vulnerabilities in the 5G network’s slicing architecture allow access to confidential data and malicious people can perform denial of service attacks between various virtualized components in the network and the communications operator.
Identifying policy and standards, the supply chain, and the architecture of 5G systems as potential attack vectors attempts to assess the risks of moving to the new wireless technology while also assuring the construction of a safe and dependable 5G infrastructure.