So, 5G is one of those once-in-a-generation types of leaps that will alter how we operate. However, 5G security comes with a lot of challenges. Private 5G networks require us to look at attack surface management in a different way. How do they change the way we need to defend our data? And, what is the best way to use them safely?

5G Security for Attack Surface Management

An immediate appeal of private 5G networks is the supposed cost savings from a capital cost perspective: you no longer need to bust up concrete and cut up walls to run cables. Why the italics though? Because the usual bean-counting does not take into account a hidden but brutal cost: the breach.

They say in life two things are certain: taxes and death. Perhaps for the enterprise nowadays, these two things are certain: taxes and breaches, meaning that 5G security concerns have an impact on your breach resilience.

Yet, 5G security is something different. The U.S. Cybersecurity and Infrastructure Security Agency give a good rundown of possible 5G attack vectors:

  • Policy and standards: fast deployment has led to open standards and inconsistent use of security controls.
  • Supply chain: counterfeit components and inherited components. Devices are not always certified, meaning: do you really know what’s in your network?
  • Architecture: software/configuration (plugging in a wire is easy by comparison), network security (exploits will always be there), network slicing (no clear standards, meaning you can move laterally in an easier manner), legacy infrastructure (bringing over any previous vulnerabilities), multi-access edge computing (core elements can now be at greater risk), spectrum sharing (frequencies are scarce) and software-defined networking (threat actors just need to inject some code to unleash havoc).

How 5G Security Adds to Other Risks

These come in addition to other risks today:

  • Manageability: Lots of devices, lots of data. Think endpoint security and traffic analysis.
  • Supply chain: Think hardware and software vulnerabilities. Lots of them. Wires are pretty easy things to trust, regardless of where they are made. Wireless nodes, not so much.
  • Usage: What will the network ultimately do and what will be allowed on it? If you decide to deploy a private 5G network, can you really risk having personal devices on it?

The Possible Hidden Risks

Some of these 5G security problems exist in a private wired network, while others are new. And think for a moment what all the 5G and Internet of Things devices will do for inventory management. Is your configuration management database ready for the influx of devices? The moment it becomes easier to connect, more devices will connect.

Are you ready to take the time to whitelist every device, or will you take your chances and hope you have a tool that discovers all assets? Pro tip: knowing an asset is on the network and knowing what that asset is doing while on the network are two very different things. Monitoring all that valuable data and sifting through the noise is no easy task.

There is another attack surface issue: physical changes. If you are on a private network with no outside connections, there is some peace of mind that wires will keep the data contained. But can you really say that about a ‘private’ wireless network? Wi-Fi has been around for a while and we still see attacks happening as a result of spoofing, misconfigurations, man-in-the-middle tactics and good old-fashioned jamming. What’s stopping somebody from parking a truck near your private network and cranking up some microwaves to degrade and interfere with your network? Almost makes a direct-denial-of-service attack look state-of-the-art. And let us not forget that frequencies are already scarce to begin with.

Finally, 5G security includes privacy concerns as well. Will you allow personal devices to be a part of your private network?  What safeguards do you have in place to ensure possible personally identifiable information does not get siphoned off on a much more highly exposed network?

Business Models Change With a Private 5G Network

Private 5G networks may look great out of the gate, but there is a lot of long-term thinking that needs to be done, especially considering we still fail with the basics. There are a lot of changes happening too, which need to be considered. Work-from-home and remote work has proven to be effective, meaning the business needs for a private network change, at least in the short-term.

Will a private network add a hidden cost to your ledger? Unknown, but it is something to consider.

So is the capital spent on a private 5G network really worth it? Perhaps it is. You have to do the math: understand the business and before you take the plunge, consider all the identifiable 5G security risks and associated costs.


More from Mobile Security

Third-Party App Stores Could Be a Red Flag for iOS Security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

4 min read

A View Into Web(View) Attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

9 min read

How the Mac OS X Trojan Flashback Changed Cybersecurity

4 min read - Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

4 min read

Switching to 5G? Know Your Integrated Security Controls

4 min read - 5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future? The Benefits of 5G 5G's new use cases come from: Customized network slices…

4 min read