With 5G reshaping the smartphone market, 5G security needs to keep up. Almost one in three smartphones sold in the first quarter of 2021 can connect to a 5G network. That’s just one year after the world’s first commercial 5G network emerged in South Korea. Such growth helped annual shipment numbers of 5G-enabled smartphones exceed 200 million units in just one year. That’s four times as long as it took 4G to reach the same milestone. With that growth comes risks, too.

An Overview of 5G Security Risks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) examined three such threat vectors as part of the Enduring Security Framework’s 5G Threat Model Working Panel. First, it took a look at Policy and Standards. It found networks could be more open to digital attacks if network operators fail to implement optional 5G security controls. Next, 5G Systems Architecture, another threat vector identified by CISA, shows some built-in problems. Threat actors could exploit vulnerabilities affecting devices and infrastructure to disrupt networks and steal critical data exchanged between users.

The last threat vector, Supply Chain, is of major concern to businesses and agencies themselves because it’s a double-edged sword. On one side, 5G enables users to share data more quickly with new tech that 4G networks can’t handle. On the other, this contributes to making networks more complex, meaning it’s easier for threat actors to sneak into the network. It also makes it more difficult for defenders to do their work, as they don’t always know someone could access their crown jewels. Now, they need to focus less on a corporate intranet and more on service providers, vendors, suppliers and partners.

How to Augment 5G Security

With 5G on the rise, you can’t afford to take a reactive approach. After all, 5G is brand new. It’s moving too quickly and it’s bringing new challenges that many of them haven’t seen before.

Instead, you can take a proactive response like threat modeling. One of the central benefits of threat modeling is its potential to help the entire business by pushing key stakeholders to take a second look at how the business works. It takes into account the fact that threats continue to evolve. As such, it steers away from getting comfortable in an outdated risk profile. Instead, businesses can move towards “living security documents” that they can reassess over time.

Creating a living document begins with a discussion. By sharing knowledge with each other, stakeholders can then work together. This makes it easier to create new methodologies and tools that can help to ensure you’re addressing risks in an effective way.

In the end, threat modeling is a process. It works over the long term, and needs work over the long term as well. You might need to repeat solutions so people know them well during subsequent risk evaluations and threat model analyses. That way, your team can confirm they’ve closed out associated risks in an ongoing manner. That’s the only way to find new and emerging threats, including those that 5G brings, before they find their way into their environments.

Security – A Crucial Part of 5G’s Potential Success

Threat modeling is critical in the age of 5G because it’s essential in any telecommunications revolution. If 5G is going to catch on, security teams need to prevent malicious actors from misusing it. It also means that operators need to address the privacy concerns of 5G from the start. These efforts require a proactive approach that only threat modeling can provide.

More from Mobile Security

Third-Party App Stores Could Be a Red Flag for iOS Security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

4 min read

A View Into Web(View) Attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

9 min read

How the Mac OS X Trojan Flashback Changed Cybersecurity

4 min read - Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

4 min read

Switching to 5G? Know Your Integrated Security Controls

4 min read - 5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future? The Benefits of 5G 5G's new use cases come from: Customized network slices…

4 min read