Claims that 5G offers “better security” for IoT may not ring true – with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments, according to infosec biz Trend Micro.
Industry 4.0 is the marketing phrase for “please buy our new networking thing and pay us to collect tons of data which may or may not be useful to your highly profitable manufacturing venture”. Some also call it industrial IoT, and those with longer memories will be spot on when they think of M2M.
Trend Micro thinks that there is a vulnerability within non-public 5G networks deployed to collect data from sensor endpoints within, say, a factory.
In a report issued today the firm’s Craig Gibson wrote: “The cloud and management traffic of an enterprise passes through various security functions and up through the global IT cloud. This traffic then traverses the global telecom cloud, and then through public and non-public radio networks. There is no IT-visible security monitoring on this part.”
According to Gibson, this type of network layout can be used to compromise the 5G network itself. Through compromising a SIM and using that to point the SIM’s host device radios at a private 5G network (instead of a public network operated by a telco), an attacker can then engage in traditional device-compromising behaviour such as altering DNS, BGP and carrier settings.
SIM jacking, or SIM swapping as it’s better known, is the criminal art of convincing telcos to port a victim’s number to a new SIM card controlled by the criminal. In effect it’s an identity theft.
Trend said: “As 5G is enrolled to the next generation of operational technology (OT), these attacks will spread to enterprise equipment and devices that run on 5G SIM cards, and poses the ability to open doors to wider threats, including wiretapping, malware injections, large-scale fraud, poisoning of machine learning and supply chain attacks.”
Europe to straggle Japan, China, US and Korea in 5G adoption stakes
The report continued: “As mobile devices are used for enterprise authentication, hijacked SIM cards can also give hackers access to a user’s enterprise email account as the hardware is said to be ‘trusted’. It means that they’ll be able to access all manner of corporate IP unknowingly.”
More worryingly, Gibson proposed that an attacker could “change the device’s activity profile” and trigger the network to restrict it from performing certain activities. Scale that type of attack across a large number of devices (a “salami attack” as he put it) and automated network traffic management software that uses trend-based rules to govern the network will effectively throttle everyone’s connections.
The scenarios presented are rather nightmarish – and are also mostly possible with today’s technology. 5G isn’t a gateway into hell for people determined to abuse the potential of new tech for criminal gains.
Still, advances in mobile network tech (or indeed any tech at all) don’t always mean we’re automatically more secure or safeguarded against miscreants. ®
CONTINUOUS LIFECYCLE LONDON 2020