26 Mar 5G slicing can be dicey, says security specialist | Light Reading
Hailed by vendors and operators alike as a key benefit of future 5G networks, one security specialist is now saying there is a problem with 5G network slicing that could make 5G mobile networks vulnerable to attack.
Network slicing is a feature of standalone 5G networks that is set to enable an array of new applications and use cases. It is designed to allow operators to create virtual slices that can support different network characteristics, allowing operators to cater to a range of customer needs.
However, mobile network security specialist AdaptiveMobile Security has just publicly disclosed details of what it describes as a “major security flaw” in the architecture of 5G network slicing and virtualized network functions.
“The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G network, leaving enterprise customers exposed to malicious cyberattacks,” the company explained.
AdaptiveMobile has already shared its findings with the GSMA. If left unresolved, it warns that the issue “has the potential to cause significant security risks to enterprises using network slicing and undermine operators’ attempts to open up new 5G revenues.”
AdaptiveMobile said it is working in conjunction with the GSMA, operators and standards bodies to address the issue and update architectures to prevent exploitation. It also directs those interested in finding out more to the full white paper.
The good news is that the probability of attack is currently deemed as low owing to the limited number of mobile operators with multiple live network slices on their networks.
James Moran, head of security for the GSMA, went further still, saying it is “important to emphasize that 5G core network slicing is yet to be deployed anywhere and the attacks described in the research paper have not been demonstrated in any live environments.”
“The discovered vulnerabilities do not expose existing network deployments to the threats described in the paper,” Moran said.
He added: “A number of measures that can effectively mitigate the reported threats have been identified and GSMA will be submitting its recommendations to 3GPP in the coming days to ensure the necessary standardization work can be done well ahead of the rollout of 5G core network slicing.”
Moran said the GSMA is grateful to the researchers for sharing the findings and allowing the industry to consider them. “We are satisfied that the mitigations recommended by GSMA will address the vulnerabilities and ensure 5G networks and the users and services they support are protected,” he said.
Moran also indicated that the GSMA has updated its security control guidance for network operators by adding a number of recommendations that directly address the threats described in the research.
Joining the IT crowd
Dr Silke Holtmanns, head of 5G security research at AdaptiveMobile Security, opines that the telecoms industry needs to think more like IT players when it comes to securing mobile networks.
“5G is driving the mobile industry into adopting the technology and techniques of the IT world to increase efficiency and improve functionality. However, while laudable, there needs to be a wider mindset change. When it comes to securing 5G, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators and vendors,” she said.
In its research, AdaptiveMobile Security said it examined 5G core networks that contain both shared and dedicated network functions. It found that when a network has these “hybrid” network functions that support several slices, there is a lack of mapping between the application and transport layers identities.
“This flaw in the industry standards has the impact of creating an opportunity for an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture,” the company said.
It provides an example of how this could happen: A hacker compromising an edge network function connected to the operator’s service-based architecture could exploit this flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises.
“The impact being that the operator and their customers are exposed and risk the loss of sensitive location data which would allow user location tracking, the loss of charging related information and even the potential interruption to the operation of the slices and network functions themselves,” AdaptiveMobile said.
Anne Morris, contributing editor, special to Light Reading