• Home
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Reading: One of 5G’s Biggest Features Is a Security Minefield
Share
Ad image
Technology MagazineTechnology Magazine
Aa
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Search
  • Home
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Have an existing account? Sign In
Follow US
Technology Magazine > Security > One of 5G’s Biggest Features Is a Security Minefield
Security

One of 5G’s Biggest Features Is a Security Minefield

Press room
Press room Published August 9, 2022
Last updated: 2022/08/09 at 11:12 PM
Share
SHARE

True 5G wireless data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates—combining expanded speed and bandwidth with low latency connections—one of its most touted features is starting to come into focus. But the upgrade comes with its own raft of potential security exposures.

A massive new population of 5G-capable devices, from smart city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where Wi-Fi isn’t practical or available. Individuals may even elect to trade their fiber optic internet connection for a home 5G receiver. New research that will be presented on Wednesday at the Black Hat security conference in Las Vegas, though, warns that the interfaces carriers have set up to manage internet of things data are riddled with security vulnerabilities they fear will dog the industry long term.

After years of examining potential security and privacy issues in mobile data radio frequency standards, Technical University of Berlin researcher Altaf Shaik says he was curious to investigate the application programming interfaces (APIs) carriers are offering to make IoT data accessible to developers. These are the conduits applications can use to pull, say, real-time bus tracking data or information about stock in a warehouse. Such APIs are ubiquitous in web services, but Shaik points out that they haven’t been widely used in core telecommunications offerings. Looking at the 5G IoT APIs of 10 mobile carriers around the world, Shaik and his colleague Shinjo Park found common, widely-known API vulnerabilities in all of them, and some could be exploited to gain authorized access to data or even direct access to IoT devices on the network.

“There’s a big knowledge gap, this is the beginning of a new type of attack in telecom,” Shaik told WIRED ahead of his presentation. “There’s a whole platform where you get access to the APIs, there’s documentation, everything, and it’s called something like ‘IoT service platform.’ Every operator in every country is going to be selling them if they’re not already, and there are virtual operators and subcontracts, too, so there will be a ton of companies offering this kind of platform.”

The designs of IoT service platforms aren’t specified in the 5G standard and are up to each carrier and company to create and deploy. That means there’s widespread variation in their quality and implementation. In addition to 5G, upgraded 4G networks can also support some IoT expansion, widening the number of carriers that may offer IoT service platforms and the APIs that feed them.

The researchers bought IoT plans on the 10 carriers they analyzed and got special data-only SIM cards for their networks of IoT devices. This way they had the same access to the platforms as any other customer in the ecosystem. They found that basic flaws in how the APIs were set up, like weak authentication or missing access controls, could reveal SIM card identifiers, SIM card secret keys, the identity of who purchased which SIM card, and their billing information. And in some cases, the researchers could even access large streams of other users’ data or even identify and access their IoT devices by sending or replaying commands that they shouldn’t have been able to control.

Press room August 9, 2022
Share this Article
Facebook TwitterEmail Print
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

You Might Also Like

Security

India Shut Down Cell Service for 27 Million During a Manhunt

6 Min Read
Security

The TikTok Hearing Revealed That Congress Is the Problem

4 Min Read
Security

TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

4 Min Read
Security

Some Photo-Cropping Apps Are Exposing Your Secrets

4 Min Read
  • Review
  • Top Lists
  • Contact
  • Privacy Policy
  • Terms of use

We influence 20 million users and is the number one business and technology news network on the planet.

I have read and agree to the terms & conditions

Contact US

  • Contact Us
  • DMCA
  • Editorial Policy
  • Advertise

Quick Link

  • Gear
  • Games
  • Security
  • Reviews

© 2022 Technology Magazine. All Rights Reserved.

Follow US on Socials

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?