Dublin-based AdaptiveMobile Security disclosed details of what it says is a major security vulnerability that threatens operators and their enterprise customers.
AdaptiveMobile Security says the fundamental design flaw could allow data access and denial of service attacks between different network slices on a mobile operator’s 5G Network, leaving their enterprise customers open to cyberattacks.
AdaptiveMobile Security examined 5G core networks that contain both shared and dedicated network functions, and discovered that when a network has ‘hybrid’ network functions that support several slices there is a lack of mapping between the application and transport layers' identities.
This gap in standards could allow an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G service-based architecture.
For example, a hacker compromising an edge network function connected to the operator’s service-based architecture could access to the operator’s core network and the network slices for enterprises, exposing both the operator and its customers to the risk of cyberattacks.
Dr Silke Holtmanns, Head of 5G Security Research at AdaptiveMobile Security, said, “5G is driving the mobile industry into adopting the technology and techniques of the IT world to increase efficiency and improve functionality. However, while laudable, there needs to be a wider mindset change.
"When it comes to securing 5G, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators and vendors”.
The outcome of the research has been shared with the GSMA in line with the standard co-ordinated vulnerability disclosure process.
AdaptiveMobile Security is investigating if the currently defined 5G standards’ mechanisms will be sufficient to stop an attacker. It has uncovered three main attack scenarios which cannot be mitigated by today’s specified technology:
• extracting users' data and in particular location tracking
• denial of service attacks against another network function
• access to another customer's network function and related information.