5G: The Final Frontier
This story was written by Kevin Mcgrath · April 7th, 2022
Today Trellix Threat Labs is excited to announce the release of a whitepaper dedicated to 5G and its potential security concerns. As we look at the potential of 5G, we foresee it impacting nearly every facet of digital life in the developed world. From vehicle-to-anything communication to air travel to IoT and mobile broadband, it seems the only way to avoid the impacts of 5G is to live a strictly analog lifestyle and not interact with the rest of humanity. While I enjoy amateur radio as much as the next “ham,” I don’t spend much time on analog communications – even amateur radio communications have gone digital and will see enhancements from 5G.
With the substantial increase in commercial 5G rollouts and the number of devices and industries touched, we at Trellix felt a gap exists in the deep understanding of the fundamentals and security of 5G. Addressing this gap required a deep dive into the 5G protocol from a security perspective. As with every other aspect of technology, there is a never-ending race between malicious actors and security researchers to find critical vulnerabilities in emerging technology. As history teaches, industry professionals losing this race can cause significant financial and societal burdens. In theory, we expect 5G to be inherently more secure than previous generations, but we won’t know for sure without researchers taking the time to investigate. You know what they say about theory and practice…
Within Trellix Threat Labs, we wanted to investigate the full stack of 5G, from radio interface through application layer security. All previous standards have had security flaws, from compromised encryption keys to baseband bugs. We first needed to understand what has changed since the LTE standard. We looked hard at the protocol definition, the security requirements, and the move to software-defined infrastructure with the 5G-NR (5G New Radio).
Labeled as Release 15 of the 3GPP, the protocol definition itself comprises hundreds of pages of technical documentation. While much of the documentation dealt with the needs of carriers (billing, handover, roaming agreements, and similar), a significant portion dealt directly with the security requirements of mobile equipment – standard-speak for edge devices such as phones, IoT widgets, mobile hotspots, and anything else that can connect to 5G. After digging into the latter, we have enumerated the attack surface on the core 5G network from the perspective of malicious devices and created a detailed threat model of the most critical attack surfaces. And because nothing truly exists until it is in writing, we have published this whitepaper so that others may benefit from the work we have done to this point. Also, anything that makes a standard easier to parse is a welcome addition to the body of knowledge on a topic!
Within the whitepaper, we provide an overview of the history of how we got to 5G, with it poised to become one of the most widely used mobile technologies. We discuss some of the benefits and costs of 5G and the move to infrastructure-as-code (SDN, SDR, and virtualization). We detail our proposed attack surfaces, discuss characteristics a malicious device or access point would need, and even look at some of the recent news touching on 5G. As a preview, no, 5G did not cause COVID-19.
We also paid close attention to the proposed use cases within the standard to look for pointers to where weaknesses may exist – new functionality adds new complexity, after all. While we can summarize most of the use cases of 5G as “The same as with LTE, but with more bandwidth,” some novel uses weren’t possible with LTE due to limited bandwidth, such as ubiquitous AR. Whether any of these new use cases will bear poison fruit remains an open question we plan to pursue.