Morey Haber, CTO and CISO, BeyondTrust, discusses why the 5G era will require organisations to rethink their cybersecurity strategies.
After many years of promises, we’re finally on the cusp of the 5G era. In the UAE, both Etisalat and du have already rolled out 5G networks, and in late October 2019, Etisalat and the Dubai Multi Commodities Centre announced that Jumeirah Lakes Towers (JLT) in Dubai would become the first 5G-powered phone network area in the UAE. And we’re seeing similar moves by operators across the GCC.
5G will disrupt mobile device technology, unseating 4G, LTE, and older 3G and 2G technologies. Home and commercial broadband and internet access will change and will no longer require cable, POTS, satellite, or even fiber to provide high-speed access to everyone. New applications for information sharing will emerge between devices and people.
But 5G does bring with it a whole new set of security ramifications that we can’t afford to overlook. According to Verizon Wireless, the throughput of 5G will peak at 10 Gbps (compared to 953 Mbps for 4G LTE) and will be accessible to devices traveling at 310 mph. This means any 5G device — mobile phone, IoT, and other — will be able to transmit or receive incredibly large quantities of data, even when traveling at speeds above any land-based transportation, and nearly half the speed of a commercial airliner. This creates a new attack vector for threat actors that the world has not seen before.
Here are some of the significant cybersecurity challenges posed by 5G:
- Large quantities of data can be exfiltrated from an organisation in a few seconds via a 5G-enabled device.
- Exfiltrating large quantities of data no longer requires hacking the cloud, using removable media, or egressing data via a firewall. The data can route through a cellular network via a malicious 5G device that has access to an organisation’s information.
- Threat actors can now use “true drive-by” hacking techniques to communicate with rogue or compromised 5G devices in order to exfiltrate data, perform command and control, or maintain a persistent presence, because communications with these devices can occur at high velocities. Considering that over 400 million 5G-enabled devices are expected to be shipped in 2022 alone, hacking these devices will become a new attack vector for a persistent presence.
- Finally, 5G represents a new attack vector for Distributed Denial of Service (DDoS) attacks. Due to the high bandwidth, low latency (up to 120x less than 4G), mobile nature, and the potential difficulty of tracking geolocation due to privacy and carriers, infected 5G devices could form the largest botnet to attack “anything” since the Mirai botnet, which occurred in 2016.
These challenges should not stop the deployment of 5G. In fact, enterprise cyber defenses for these new types of attacks and data exfiltration may begin to employ certain military tactics. These include:
- Using “jammers” to block cellular communications from within sensitive networks and buildings that may allow access to data via traditional wired or wireless networks. While these are considered illegal today, I do believe changes will be required to protect sensitive environments, especially government installations.
- For the most sensitive environments, organisations may want to consider enforcing a “no electronic devices allowed” policy for anyone entering a data center or network-accessible building. This typically requires that all staff and visitors store all of their electronics in a secure locker before entering a building. This should help reduce the risk of a threat actor bringing in a rogue 5G device, but it does not eliminate the threat if they conceal the device and it is small enough.
- Organisations may also consider a commercialised electromagnetic pulse (EMP) generator to “fry” any electronics in a staging room before a user enters the secure area. This is a technique that governments have been using to protect against hostile surveillance equipment for years.
While the threat of hacking using 5G is very real, organisations may also want to adopt one simple additional policy: no bridging of 5G-enabled devices to the corporate network. That is, if your device is 5G-enabled, do not allow wired and wireless connections to be active at the same time. While this is not perfect, it does prevent a 5G device from becoming a gateway into the network. This is very similar to many existing policies that prevent laptops from having wired (Ethernet) and wireless (WiFi) communications enabled at the same time.
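One way an endpoint compliance check for the no-bridging policy could look, as an added example that is not from the original article. It assumes a Linux endpoint, the brief output format of `ip -br link show`, and the usual Linux interface name prefixes (`ww` for cellular modems, `wl` for WiFi, `en`/`eth` for Ethernet); because the interface name does not reveal whether a modem is 5G, any active cellular interface is treated as in scope.

```python
import re

# Constructed sample of `ip -br link show` output (not captured from a real host).
SAMPLE = """\
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
enp0s31f6        UP             02:00:00:00:00:01 <BROADCAST,MULTICAST,UP,LOWER_UP>
wlp2s0           DOWN           02:00:00:00:00:02 <NO-CARRIER,BROADCAST,MULTICAST,UP>
wwan0            UNKNOWN        <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP>
"""

def classify(name):
    """Classify an interface by its Linux name prefix (assumed naming scheme)."""
    if name.startswith("ww"):            # wwan0, wwp0s20f0u2: cellular modem
        return "cellular"
    if name.startswith("wl"):            # wlan0, wlp2s0: WiFi
        return "wifi"
    if name.startswith(("en", "eth")):   # eth0, enp0s31f6: Ethernet
        return "wired"
    return "other"

def active_links(ip_output):
    """Return {link_type: [names]} for interfaces that are up and have carrier."""
    active = {}
    for line in ip_output.splitlines():
        flags = re.search(r"<([^>]*)>", line)
        if not line.strip() or not flags:
            continue
        name = line.split()[0].split("@")[0]   # drop "@parent" on VLAN names
        flag_set = set(flags.group(1).split(","))
        # Cellular modems often report operstate UNKNOWN, so rely on the flags:
        # UP = administratively enabled, LOWER_UP = carrier present.
        if {"UP", "LOWER_UP"} <= flag_set:
            active.setdefault(classify(name), []).append(name)
    return active

def check_bridging(ip_output):
    """Flag a host whose cellular link is active alongside a LAN link."""
    links = active_links(ip_output)
    cellular = links.get("cellular", [])
    lan = links.get("wired", []) + links.get("wifi", [])
    return {"violation": bool(cellular and lan), "cellular": cellular, "lan": lan}

if __name__ == "__main__":
    print(check_bridging(SAMPLE))
```
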
5G will change our lives — the benefits it confers are many. But, with tremendous amounts of data and speed pervasively available, it will necessitate the right security and judicious policies. New hacking techniques will emerge, and threat mitigation strategies will have to evolve too. In some ways, this all represents a security theme that’s been repeated over and over, leading us now to a new phase of hyper-acceleration of data theft.