The EU’s cyber security agency ENISA has published “ENISA threat landscape for 5G Networks” report that draws an initial threat landscape and presents an overview of the challenges in the security of 5G networks.
It presents 5G architecture, the identification of important assets, the assessment of threats affecting 5G, the identification of asset exposure and an initial assessment of threat agent motives.
You can download the document from this page:
https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks
There is also a 5G Cybersecurity Hackathon starting in Oulu Finland
https://ultrahack.org/5gcyberhack
Here is my news article on both of those in Finnish
https://www.uusiteknologia.fi/2019/11/29/5g-verkkojen-tietoturvariskit-listattu-oulu-testaa-ongelmat/
31 Comments
Tomi Engdahl says:
“Economic Minister Peter Altmaier says risk of Huawei transmitting data to Chinese intelligence agencies is no greater than what ‘unreliable’ US has already done”
German minister and US envoy clash over Huawei’s possible participation in Germany’s 5G network
https://www.scmp.com/news/world/europe/article/3039320/german-minister-and-us-envoy-clash-over-huaweis-possible
Tomi Engdahl says:
5G hackers: These eight groups will try to break into the networks of tomorrow
https://www.zdnet.com/article/5g-hackers-these-six-groups-will-try-to-break-into-the-networks-of-tomorrow/
Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. But there are a few surprises on the list, too.
Tomi Engdahl says:
EU gets a bit STRESSED out about 5G: With great economic benefits come
great security risks
https://www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/
The Council of the European Union has warned member states that the
introduction of 5G networks poses increased security risks while also
bringing economic and infrastructure benefits.
Tomi Engdahl says:
How we turned 5G into 5k
https://medium.com/sensorfu/how-we-turned-5g-into-5k-a8636b549248
Hacking is a good way to learn and hackathons are a great place to
learn with other like-minded people. And that was exactly what we had
in mind when we invited our friends and signed in as a team to the
first 5G hackathon in the world. We had no preparation or idea what we
were going to do. After we conquered a table for ourselves to set up
our base in we quickly found us split between two different
challenges. Myself and Jukka (with initial help from Jani) took on to
investigate the cylindrical device Nokia has brought into event.
Meanwhile Mikko, Ossi and Jani challenged themselves with University
of Oulu’s 5G hospital
Tomi Engdahl says:
5G Security
https://www.schneier.com/blog/archives/2020/01/china_isnt_the_.html
The security risks inherent in Chinese-made 5G networking equipment
are easy to understand. Because the companies that make the equipment
are subservient to the Chinese government, they could be forced to
include backdoors in the hardware or software to give Beijing remote
access. Eavesdropping is also a risk, although efforts to listen in
would almost certainly be detectable. More insidious is the
Tomi Engdahl says:
“Chinese, Iranians, North Koreans, and Russians have been breaking into U.S. networks for years without having any control over the hardware, the software, or the companies that produce the devices. (And the U.S. National Security Agency, or NSA, has been breaking into foreign networks for years without having to coerce companies into deliberately adding backdoors.) Nothing in 5G prevents these activities from continuing, even increasing, in the future.”
5G Security
https://www.schneier.com/blog/archives/2020/01/china_isnt_the_.html
Tomi Engdahl says:
From SIMjacking to Bad Decisions
5G Security Threats to Non-Public Networks
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/from-esim-jacking-to-fake-news-threats-to-5g-and-security-recommendations?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=1119_5g
Our latest research explored threats to 5G connectivity — from SIMjacking, identity fraud, fake news, and poisoning machine learning rules to manipulating business decisions — and found that they can be addressed through an identity-based approach to security.
Risks and Threats to 5G Non-Public Networks (NPN)
Our latest research explored threats to 5G connectivity — from SIMjacking, IoT identity fraud, false decision engine data and logs, and poisoning machine learning rules for the manipulation of business decisions. We also looked at how these risks and threats can be mitigated and addressed through an identity-based approach to security.
Tomi Engdahl says:
Tässä oli aika hyvin tosta 5G:n turvallisuudesta, Mikko Hyppönen esim varoitti aiemmin IoT-laitteiden turvallisuudesta. ”The same [happened](https://www.wired.com/story/5g-more-secure-4g-except-when-not/) with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.” https://foreignpolicy.com/2020/01/10/5g-china-backdoor-security-problems-united-states-surveillance/
Tomi Engdahl says:
China Isn’t the Only Problem With 5G
https://foreignpolicy.com/2020/01/10/5g-china-backdoor-security-problems-united-states-surveillance/?fbclid=IwAR1Hxr9o6fW4ExxzWAcZYRnpL7wcMQvPcLmJqUawT6EUtVHGBwdfXe_zoIA
The network has plenty of other security weaknesses, including ones the United States doesn’t want to fix since they help its own surveillance efforts.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2020/01/29/eulta-yhtenaiset-linjaukset-5g-verkkojen-turvaamiseen/
Euroopan unionissa on valmisteltu yhteiset linjaukset 5G-verkkojen turvallisuudesta. Linjauksilla pyritään myös yhtenäiseen lähestymistapaan 5G-verkkojen turvallisuuteen liittyen kaikissa jäsenvaltioissa. Uuden työkalupakin suositukset on suunnattu ensisijaisesti jäsenvaltioille, teleyrityksille ja laitevalmistajille.
Tomi Engdahl says:
Matina Stevis-Gridneff / New York Times:
Despite US pressure, the EU told member states they should limit “high risk” 5G vendors, like Huawei, but did not recommend a total ban — The bloc’s experts suggested members limit and monitor the involvement of “high-risk” vendors as they invest in next-generation mobile communications infrastructure.
https://www.nytimes.com/2020/01/29/world/europe/eu-huawei-5g.html
Tomi Engdahl says:
The Guardian:
UK government says it will let Huawei build non-core elements of Britain’s 5G network but will ban the company from operating at sensitive sites
UK Huawei decision appears to avert row with US
https://www.theguardian.com/technology/2020/jan/28/boris-johnson-gives-green-light-for-huawei-5g-infrastructure-role
US sources say special relationship too important to jeopardise over Chinese tech firm
Tomi Engdahl says:
UK has chance to relook at Huawei 5G decision, says Pompeo
https://www.theguardian.com/technology/2020/jan/29/uk-chance-relook-huawei-5g-decision-mike-pompeo
Secretary of state strikes measured tone but says US still thinks Chinese firm poses risk
Tomi Engdahl says:
The US Is Losing Its Fight Against Huawei
https://www.wired.com/story/uk-huawei-5g-networks-us/
The Trump administration has spent years pressuring the UK to ban Chinese giant Huawei. It didn’t work.
Tomi Engdahl says:
EU supports Huawei use in 5G networks in defiance of US
But calls for restrictions on high-risk suppliers
https://www.theverge.com/2020/1/29/21113289/european-union-eu-huawei-5g-networks-national-infrastructure-ban-usa
The European Union has issued a set of guidelines on the use of high-risk vendors like Huawei for building the single market’s 5G networks. Although individual member states will have ultimate control over which equipment they allow in their 5G infrastructure, the European commission has created a “toolbox” of security measures, which it hopes will allow countries across the bloc to coordinate their approaches.
Although the commission’s guidelines don’t mention it directly, Huawei is the vendor that’s been causing the most concern internationally, with the US arguing in favor of a total ban of the Chinese company’s involvement in 5G infrastructure. Yesterday, the UK decided to allow high-risk vendors such as Huawei in its 5G networks, albeit with restrictions.
The EU’s guidelines mirror many elements of the UK’s decision.
Tomi Engdahl says:
Secure 5G networks: Commission endorses EU toolbox and sets out next steps
https://ec.europa.eu/commission/presscorner/detail/en/ip_20_123
The Commission is today endorsing the joint toolbox of mitigating measures agreed by EU Member States to address security risks related to the rollout of 5G, the fifth-generation of mobile networks. This follows the European Council’s call for a concerted approach to the security of 5G and the ensuing Commission Recommendation of March 2019. Member States have since identified risks and vulnerabilities at national level and published a joint EU risk assessment. Through the toolbox, the Member States are committing to move forward in a joint manner based on an objective assessment of identified risks and proportionate mitigating measures. With its Communication adopted today, the Commission is launching relevant actions within its competence and is calling for key measures to be put in place by 30 April 2020.
Cybersecurity of 5G networks – EU Toolbox of risk mitigating measures
https://ec.europa.eu/digital-single-market/en/news/cybersecurity-5g-networks-eu-toolbox-risk-mitigating-measures
The objectives of this toolbox are to identify a possible common set of measures which are able to mitigate the main cybersecurity risks of 5G networks, and to provide guidance for the selection of measures which should be prioritised in mitigation plans at national and at Union level. It does this in order to create a robust framework of measures with a view to ensure an adequate level of cybersecurity of 5G networks across the EU and coordinated approaches among Member States.
Tomi Engdahl says:
No pan-EU Huawei ban as Commission endorses 5G risk mitigation plan
https://techcrunch.com/2020/01/29/no-pan-eu-huawei-ban-as-commission-endorses-5g-risk-mitigation-plan/
The European Commission has endorsed a risk mitigation approach to managing 5G rollouts across the bloc — meaning there will be no pan-EU ban on Huawei. Rather it’s calling for Member States to coordinate and implement a package of “mitigating measures” in a 5G toolbox it announced last October and has endorsed today.
“Through the toolbox, the Member States are committing to move forward in a joint manner based on an objective assessment of identified risks and proportionate mitigating measures,” it writes in a press release.
Tomi Engdahl says:
5G Security
https://www.schneier.com/blog/archives/2020/01/china_isnt_the_.html
Tomi Engdahl says:
https://www.securityweek.com/us-says-eu-understands-5g-risks-pushes-huawei
Tomi Engdahl says:
Introduction to mobile network intrusions from a mobile phone
https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276
With the introduction of the packet service, mobile user equipment (UE) are able to use the IP communication protocol. Without the right routing and filtering of UE communications, some sensitive assets on the operator’s infrastructure could be exposed, such as core network services.
Mobile operators are generally aware of this kind of attack vector and apply the right mechanisms to avoid any risk from the subscriber context. Nevertheless, those mechanisms are different from an operator to another and their effectiveness varies.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2020/01/29/eulta-yhtenaiset-linjaukset-5g-verkkojen-turvaamiseen/
Tomi Engdahl says:
Introduction to mobile network intrusions from a mobile phone
https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276
Tomi Engdahl says:
Vodafone to strip Huawei from ‘core’ network at cost of £200m
Move follows new UK rules and EU guidelines on use of Chinese group’s equipment
https://www.ft.com/content/b4bbd752-47f0-11ea-aeb3-955839e06441
Vodafone is to strip Huawei systems out of the core of its European network at a cost of €200m as the European telecoms sector moves to adapt to new limits on use of the Chinese company’s equipment.
Chief executive Nick Read said on Wednesday the process would take five years because of the complexity of removing systems critical to its network.
Tomi Engdahl says:
Akamai CSO: 5G is a whole new cybersecurity nightmare
https://www.protocol.com/5g-cybersecurity-akamai
Andy Ellis, chief security officer at Akamai, says businesses are struggling to protect themselves against connected devices. With 5G, the problem is only going to get worse.
Tomi Engdahl says:
How to Protect Your Network Infrastructure and Apps from DDoS Attacks?
https://pentestmag.com/how-to-protect-your-network-infrastructure-and-apps-from-ddos-attacks/
Tomi Engdahl says:
Introduction to mobile network intrusions from a mobile phone
https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276
With the introduction of the packet service, mobile user equipment (UE) are able to use the IP communication protocol. Without the right routing and filtering of UE communications, some sensitive assets on the operator’s infrastructure could be exposed, such as core network services.
Tomi Engdahl says:
A lack of protection at the user level leaves LTE and early 5G devices — including IoT and IIoT implementations — vulnerable to attack.
IMP4GT Vulnerabilities Allow for Impersonation on 4G LTE, Early 5G Cellular Networks
https://www.hackster.io/news/imp4gt-vulnerabilities-allow-for-impersonation-on-4g-lte-early-5g-cellular-networks-8c2971510f93
A lack of protection at the user level leaves LTE and early 5G devices — including IoT and IIoT implementations — vulnerable to attack.
A team of researchers from Ruhr University Bochum and New York University Abu Dhabi have published details of a pair of impersonation attacks in 4G Long Term Evolution (LTE) networks — known as IMP4GT for short.
While the authentication scheme used in Long Term Evolution (LTE) cellular networks is provably secure, there’s a flaw: A lack of integrity protection at the user, rather than control, level means it’s possible to manipulate and redirect packets.
“An attacker can book services, for example [to] stream shows,” explains Professor Thorsten Holz from Horst Görtz Institute for IT Security of the vulnerabilities’ impact, “but the owner of the attacked phone would have to pay for them.”
IMP4GT comes in two variants: An uplink impersonation attack allows the attacker to generate IP traffic which will be associated with the IP address of the target, potentially triggering billing as per Holz’ warning; downlink impersonation, meanwhile, lets an attacker create a TCP/IP connection to a target handset and immediately bypass any IP-level protections in the LTE network.
In testing, the researchers found that Android handsets were vulnerable to the IMP4GT attacks across both IPv4 and IPv6 networks; Apple’s iOS, meanwhile, proved vulnerable only in IPv6 mode. While tricky to pull off — “the attacker needs to be highly skilled and in close proximity to the victim,” the researchers advise — the attack could potentially spell trouble for high-value Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices which use LTE networks for data transmission.
The attacks aren’t restricted to LTE networks, though those are its primary target: The researchers found that early 5G network implementations operating in non-standalone mode have the same lack of user-plane integrity protection as LTE; the second-phase standalone rollout, however, implements optional user-plane data integrity protections which block the attacks if enabled.
Tomi Engdahl says:
Mobile Networks Vulnerable to IMP4GT Impersonation Attacks
https://www.securityweek.com/mobile-networks-vulnerable-imp4gt-impersonation-attacks
“IMP4GTallows an active radio attacker to establish arbitrary TCP/IP connections to and from the Internet through the victim’s UE. IMP4GTexploits the lack of integrity protection along with ICMP reflection mechanisms. As a result, the attacker can circumvent any authorization, accounting, or firewall mechanism of the provider,” the researchers conclude.
The researchers, who contacted the GSMA last year to report the discovery, say that all network vendors are equally vulnerable and that their attack works on some 5G networks as well. All devices that connect to an LTE network are affected, including phones, tablets, and appliances.
The vulnerability could be addressed in the now-rolling-out 5G networks by implementing mandatory user-plane integrity protection, but that would require higher costs for network operators — the additional protection would generate more data during transmission — and the replacing of current mobile phones. Base stations would also need to be expanded.
https://imp4gt-attacks.net/
Tomi Engdahl says:
Tackling Security Challenges in 5G Networks https://www.enisa.europa.eu/news/enisa-news/tackling-security-challenges-in-5g-networks
The EU Agency for Cybersecurity (ENISA) proposes good practices for the secure deployment of Network Function Virtualisation (NFV) in 5G networks.. Network Function Virtualisation is a new technology in 5G networks, which offers benefits for telecom operators in terms of flexibility, scalability, costs, and network management. However, this technology also introduces new security challenges.
Tomi Engdahl says:
One of 5Gs Biggest Features Is a Security Minefield https://www.wired.com/story/5g-api-flaws/
TRUE 5G WIRELESS data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferatescombining expanded speed and bandwidth with low-latency connectionsone of its most touted features is starting to come in to focus. But the upgrade comes with its own raft of potential security exposures. A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where Wi-Fi isn’t practical or available. Individuals may even elect to trade their fiber-optic internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage internet-of-things data are riddled with security vulnerabilities, according to research that will be presented on Wednesday at the Black Hat security conference in Las Vegas.
Tomi Engdahl says:
Attacks on 5G Infrastructure From Users’ Devices https://www.trendmicro.com/en_us/research/23/i/attacks-on-5g-infrastructure-from-users-devices.html
With the growing spectrum for commercial use, usage and popularization of private 5G networks are on the rise. The manufacturing, defense, ports, energy, logistics, and mining industries are just some of the earliest adopters of these private networks, especially for companies rapidly leaning on the internet of things (IoT) for digitizing production systems and supply chains. Unlike public grids, the cellular infrastructure equipment in private 5G might be owned and operated by the user-enterprise themselves, system integrators, or by carriers. However, given the growing study and exploration of the use of 5G for the development of various technologies, cybercriminals are also looking into exploiting the threats and risks that can be used to intrude into the systems and networks of both users and organizations via this new communication standard. This entry explores how normal user devices can be abused in relation to 5G’s network infrastructure and use cases.