5G technology is almost ready to take off in the U.S. While the upgrade was set to go live in 2020, some major cities have, or will soon have, access to the faster wireless speeds — if your device is 5G compatible (a limited few are).

That’s where some security professionals raise a red flag. According to research conducted by Positive Technologies, devices that currently run on 4G — i.e., just about everything we use — will have vulnerabilities. Internet of things (IoT) security, which is already shaky, could be particularly troublesome with the move to 5G, with a risk that the increasing number of IoT devices could end up becoming a treasure trove of botnet farms.

5G Technology Will Revolutionize Digital Transformation — And Cyberattacks

There is a lot to be excited about with 5G technology. Data sharing will be much faster, allowing all types of organizations to move more quickly and efficiently into the digital world. It will also allow for the use of digital technologies that may not be possible with 4G for some organizations. For example, Tom’s Guide pointed out that 5G can transform the learning experiences of school children by enabling augmented and virtual reality learning opportunities. In industries that require fast communications and transmissions, 5G can literally be the difference between life and death.

However, 5G is equal opportunity. All of the advantages it provides for legitimate organizations and people who see it as a way to improve both work and play are also going to be there for malicious hackers and cybercriminals. Hacking into 5G will be as simple as hacking into the web, according to the Positive Technologies report.

“The average web application contains 33 vulnerabilities, and 67 percent of web applications contain high-risk vulnerabilities,” the report stated. “Lowering the penetration threshold will pave the way for an upswing in attacks on 5G networks.”

The additional complexity allowed by 5G technology will also open more doors for threat actors to get into networks, making it more difficult for security professionals to effectively protect endpoints and data. There are concerns that 5G networks will be at greater risk of denial-of-service (DoS) attacks. And with data transmitting faster than ever, as USA Today noted, the tech could have a negative impact on organizations’ ability to maintain compliance with privacy regulations.

Addressing IoT Security in a 5G World

Still, IoT security looks to be the greatest challenge, because there will be billions of these connected devices on 5G wireless networks. Security is already an afterthought in the IoT, which makes the devices particularly attractive to cybercriminals. We are currently seeing an uptick in malware targeting the IoT, such as Silexbot, which made unsecured devices unusable. And Mirai, malware that turned web cameras into bot farms, has returned in new variants.

Because 5G technology will allow for faster, more seamless connections, reliance on the IoT across all types of organizations will increase exponentially. Smart businesses will take advantage of implementing more artificial intelligence and machine learning, from factory floors to HR departments. At the same time, if we rely on the same IoT security practices we have been using, we have to expect that hackers will hit hard, taking down these systems quickly and frequently. The more a business depends on 5G connected devices, the more at risk they are for impending downtime and security breaches.

Protecting IoT devices on a 5G network will require redefining how we think about wireless security and the overall security framework. It starts with thinking through the vulnerabilities already existing in your 4G world. Protocols will need to be updated and new standards put in place. This one step could go a long way toward stepping up security for all of the endpoints on a 5G network.

From DevSecOps to Data Privacy

Now more than ever, security is necessary in DevOps — adding a layer of security in devices from their conception. It is always better to add end-to-end encryption and other security measures from the get-go, rather than try to incorporate them after the fact, after threat actors have already infiltrated the devices on a 5G network.

Additionally, data privacy laws are new enough that most IT decision-makers, chief information security officers (CISOs) and other security leaders are still trying to figure out all the details. These laws may end up making their impact on IoT security in a 5G world, as the amount of data will not only increase, but also move at a faster rate.

When 5G truly comes online for most of us, it will be a boon to business operations and digital transformation. But if we don’t pay attention, it could also add unwanted cyber risk to the threat landscape. Organizations must improve IoT security, and their entire security framework, to avoid data breaches and other cybersecurity incidents.

More from Endpoint

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

X-Force Prevents Zero Day from Going Anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

8 min read

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

12 min read - ‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

12 min read