Building on existing networks risks exposes 5G to old risks
Today's 5G networks mostly rely on the infrastructure of previous-generation 4G LTE networks. The non-standalone architecture has proved a quick way to provide subscribers with 5G access, however, this also exposes both the next-generation network and 5G subscribers to the same threats as older networks.
A new white paper from Positive Technologies details how mobile network operators (MNOs) who have already begun upgrading to 5G networks can migrate from previous generation networks without exposing themselves and their subscribers to existing and new risks.
"For years to come, most 5G networks will continue to rely on 4G networks, which means 5G-only security efforts are pointless and dangerous," says Pavel Novikov, head of the telecom security research team at Positive Technologies. "Therefore, true 5G security must go beyond the features built into standalone architecture. Cost efficiencies can be gained by building a hybrid network that supports both LTE and 5G which will enable a future-proofed next generation network in the longer term. This enables mobile operators to add new 5G-capable subscribers, while continuing to support older ones to offer a full-service network. To defend 5G networks, it's important to pay special attention to signalling networks, utilising existing defences, and adding additional layers specific to 5G. The network must be carefully checked for configuration errors, requiring regular assessment of the state of infrastructure security."
Previous Positive Technologies research has shown that an attacker can exploit Diameter vulnerabilities in 4G to cause denial of service attacks, track subscriber location, obtain subscriber profile information, and commit fraud. In the latest report, Positive Technologies experts argue that with 5G non-standalone architecture, previous-generation protocols must be secured, since networks are so intertwined merely defending 5G is not enough.
The full Migrating mobile networks to 5G: a smooth and secure approach white paper is available from the Positive Technologies site.