5G has Powerful Potential, but Security Proves Problematic

5G has Powerful Potential, but Security Proves Problematic

March 9, 2020

Synopsys Software Integrity Group Senior Product Marketing Manager Kimm Yeo discusses the industry-wide opportunities of 5G and how organisations can help secure it.

5G is anywhere from 10 to 100 times faster than a typical 4G connection, depending on whether you’re citing theory or practical reality.

But speed is not its only selling point. Promotions for the next-generation 5G cellular technology also note that it has 1,000 times the capacity of 4G and delivers 10 times less latency, which is another version of faster. As in, you can do more and more things in real time.

Still, these are not the only reasons Synopsys Senior Product Marketing Manager Kimm Yeo is excited about 5G.

According to Yeo, the general public tends to perceive 5G as just another mobile broadband speed enhancement, and argues that it is much more.

“Defensics supports more than 250 different types of protocols, from network protocol fuzzing to file format, web, API, device drivers, and so on. It shows our level of commitment to our customers and their fuzzing needs. We are the only commercial fuzzer that provides that level of support and assurance, with our large number of predefined test suites and a separate SDK [software development kit] so teams can easily define, fuzz, and test both their commercial and custom proprietary protocols,” says Yeo.

Yeo says the implications of 5G for consumers, businesses, and nations go well beyond speed, claiming it will have a significant impact on convenience, privacy, safety, and security.

The potential is staggering. Yeo quotes one forecast from 2020 to 2026, whereby 5G is expected to grow from USD 5.54 billion to 668 billion. In other words, the 5G industry will have a 122% annual growth rate.

“We are talking emerging use cases beyond imagination. At the commercial and industrial level, 5G offers a new way to monitor the performance of critical operations that require high-speed, ultra-reliable, low- to zero-latency performance,” says Yeo.

Examples of those include critical surgery, smart surveillance, and utility management, massive machine-to-machine communications such as vehicle-to-vehicle, smart cities, and smart traffic.

As IoT is forecast to include more than 75 billion devices by 2025, at a consumer level, Yeo says this will involve wearables, digital lifestyles and entertainment.

“[Again, expect] entertainment beyond imagination — it’s a really broad range. It is a technological leap that will transform all business models. It will redefine entertainment, communication, and how businesses and consumers connect to the internet globally,” says Yeo.

How to build security into 5G

A second reason for excitement is that from the early stages, there are solutions to build security into 5G, such as 5G protocol fuzzing with Defensics.

Besides the current generation of 3G/4G LTE cellular and wireless networks, Defensics has recently released 5G test suites, and enhanced 3G / 4G test suites for businesses building the 5G network equipment and infrastructure, and as well as operators with plans to roll out devices and services supporting the 5G network.

“Fuzzing is a great way to perform negative testing, as you can enter an unlimited number of random, malformed inputs to test the robustness, safety, and security of systems, apps, and services before they are released. It is used to uncover any unknown vulnerabilities and potential zero-day attacks that can lead to product recalls, brand damage, litigation, and more, not to mention taking considerable time and money to repair and replace,” says Yeo.

According to Yeo, brands leading the 5G revolution are  Ericsson and Huawei.

“That means products and infrastructure is needed to support them. We have seen a ramp-up of activities in the past year, among mobile carriers, with 5G plans from AT&T, T-Mobile, and Verizon. It is not going to stop here. It won’t be long before other adjacent industry players such as device makers, chipset firms, and cloud/edge computing look into supporting 5G. Cloud / edge computing providers looking to offload the cellular network traffic and bring the capability faster and closer to the content source and users will find 5G helps to further reduce latency and improve overall performance and quality,” says Yeo.

Yeo says the growth in 5G compatibility is well underway.

“In just six months, from last March to October, the Global Mobile Suppliers Association reported that the number of devices that will support 5G had grown from 38 to 172, from 71 vendors. They’re not all commercially rolled out yet, but we’re not just talking mobile devices. It’s also PCs, laptops, tablets, drones, routers, robots, displays — everything that requires it,” says Yeo.

With regard to 5G security and standards Yeo says as is the case with any next-gen technology, there are risks and uncertainties.

“Among uncertainties, the jury is still out with regard to cellular vs. wireless rate of adoption — 5G vs. Wi-Fi 6. Also, 5G standards are relatively young. The specifications are still evolving and being defined by standards bodies such as 3rd Generation Partnership Project. We are actively monitoring and tracking the evolving specifications as defined by 3GPP to ensure that Defensics gets updated accordingly,” says Yeo.

Greater connectivity means a greater attack surface. Yeo claims 5G will bring more security risks than the current generation of cellular technology.

“In recent years, we have seen some of the potential exploits with 4G LTE. About a year ago, a team of South Korean researchers found 36 security vulnerabilities in networks through the use of fuzz testing. With the coming increase in connectivity and smart everything, it’s going to open the door to more attack surfaces that will be very difficult to anticipate and prevent,” says Yeo.

Among those major attack surfaces include: cyber-physical systems, which can be targets of both attacks and espionage, telco networks using specialised equipment, which can be targeted by malware and, IoT connected digital systems. Yeo claims all these may affect both national security and consumer privacy.

“It is not enough to rely on traditional application security testing tools, which detect only known vulnerabilities. We definitely will need fuzzing, because it’s the only way you can do negative testing. Fuzzing involves inputting massive amounts of random data to a test subject. The goal is to crash a system, equipment, or a service and thereby expose unknown vulnerabilities. Security is coming to the forefront for policymakers. They recognize that 5G is going to be higher risk, and they know there is no way to catch an unknown. You don’t know what you don’t know, so you need to fuzz,” says Yeo.


Leave a Reply

Your email address will not be published. Required fields are marked *