5G is Hackable, But it Can be Saved

Security Research Labs uncovered new hacking frontiers that opened up despite improvements in 5G standards. The team was able to hack into the network multiple times, thereby getting hold of customer data or disrupting operations due to poorly configured cloud technology
Listen to this story

In 2020, Meity shared its vision to push the digital economy from 7-8% of GDP to 20% by 2025. Meanwhile, telecom companies Reliance Jio and Airtel are gearing up to launch 5G services in metro cities across the country. The introduction of 5G could unleash transformative changes by enabling better connectivity, faster surfing speed, enhanced accessibility to services, more bandwidth and increased capacity.

In August 2021, engineers from Lockheed Martin, in association with the US Army, demonstrated a flying 5G network. Since the technology has been adopted by one of the world’s most powerful militaries and the largest defense firm in the world, it’s easy to believe that 5G is safe and secure. After all, technologies evolve to plug existing loopholes. 

What’s worrying, however, is the March data by CERT-In, which reported 2.12 lakhs cybersecurity incidents, in barely two months into 2022. Against this backdrop, it becomes imperative to assess how the introduction of 5G would affect the already vulnerable Indian cyberspace. 

Case study: 5G is hackable

In a research blog published a few weeks ago, Security Research Labs (SRL), a cybersecurity consultancy, uncovered new hacking frontiers that have opened up despite improvements in 5G standards. In a series of red teaming exercises, a team from SRL could hack into the network multiple times, thereby getting hold of customer data or disrupting operations due to poorly configured cloud technology. 

Image source: Security Research Labs

The concerning part is that once the hackers broke into the network, they found it very easy to penetrate deeper due to misconfigured containers, thereby getting access to valuable resources from within the network.

Cloud technology plays an important role in 5G. Modern telcos leverage cloud for scalability and flexibility, but as seen in the given case, they often fail when applying basic cloud security techniques. 

What makes 5G networks vulnerable to hacking? 

Now that the hackability of 5G networks has been established let’s see why the security of 5G networks is a concern. 

The advent of 5G has placed a thrust on the virtualisation of network functions that replaces network appliance hardware with virtual machines to virtualise network services like routers, firewalls etc. However, while providing benefits like simplifying network configuration and management, providing on-demand network functionality and doing away with the need for dedicated proprietary hardware devices, virtualisation comes with several security risks.  

Virtualisation leaves network components vulnerable to newer kinds of attacks. It becomes easier for malware to travel among virtual components in a network compared to isolated hardware components. Also, virtualisation makes 5G networks inherently complex with multiple layers. Thus, blanket security policies become redundant in such cases. 

Since virtualisation permits the mixing and matching of software and services from different companies, it entails the involvement of various suppliers and vendors. Now, different vendors prioritise security differently. Thus, it becomes very difficult to ensure due diligence on the part of each vendor, thereby increasing the chances of misconfigurations. This makes it easier to break into virtualised networks. 

What’s the way out for telcos?

SRL suggests two new testing strategies for telcos to ensure security levels on the cloud. First, software and configuration need to be checked with a range of automated tools in their respective development and deployment pipelines. This will help block insecure configurations from being deployed into production. Apart from this, red teaming, as was done in the above case study, helps provide crucial insights into the security design, configuration and operations aspects of the network and provides feedback on gaps in the automated tests pipeline.

Whether Indian telcos are implementing these safety measures isn’t very clear as of now. In July 2021, at a virtual summit organised by Assocham, Open RAN Policy Coalition and US Chamber of Commerce, India batted for implementing default security features in telcos’ open radio access network. However, there have been no further updates on the same. It is high time that all stakeholders put in place dedicated security architecture. Else, there may be serious ramifications given the vulnerable cyber landscape and the lack of specific data protection architecture. 

Download our Mobile App

Zinnia Banerjee
Zinnia loves writing and it is this love that has brought her to the field of tech journalism.

Subscribe to our newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day.
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Our Recent Stories

Our Upcoming Events

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

Can OpenAI Save SoftBank? 

After a tumultuous investment spree with significant losses, will SoftBank’s plans to invest in OpenAI and other AI companies provide the boost it needs?

Oracle’s Grand Multicloud Gamble

“Cloud Should be Open,” says Larry at Oracle CloudWorld 2023, Las Vegas, recollecting his discussions with Microsoft chief Satya Nadella last week. 

How Generative AI is Revolutionising Data Science Tools

How Generative AI is Revolutionising Data Science Tools

Einblick Prompt enables users to create complete data workflows using natural language, accelerating various stages of data science and analytics. Einblick has effectively combined the capabilities of a Jupyter notebook with the user-friendliness of ChatGPT.