With 5G reshaping the smartphone market, 5G security needs to keep up. Almost one in three smartphones sold in the first quarter of 2021 can connect to a 5G network. That’s just one year after the world’s first commercial 5G network emerged in South Korea. Such growth helped annual shipment numbers of 5G-enabled smartphones exceed 200 million units in just one year. That’s four times as long as it took 4G to reach the same milestone. With that growth comes risks, too.

An Overview of 5G Security Risks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) examined three such threat vectors as part of the Enduring Security Framework’s 5G Threat Model Working Panel. First, it took a look at Policy and Standards. It found networks could be more open to digital attacks if network operators fail to implement optional 5G security controls. Next, 5G Systems Architecture, another threat vector identified by CISA, shows some built-in problems. Threat actors could exploit vulnerabilities affecting devices and infrastructure to disrupt networks and steal critical data exchanged between users.

The last threat vector, Supply Chain, is of major concern to businesses and agencies themselves because it’s a double-edged sword. On one side, 5G enables users to share data more quickly with new tech that 4G networks can’t handle. On the other, this contributes to making networks more complex, meaning it’s easier for threat actors to sneak into the network. It also makes it more difficult for defenders to do their work, as they don’t always know someone could access their crown jewels. Now, they need to focus less on a corporate intranet and more on service providers, vendors, suppliers and partners.

How to Augment 5G Security

With 5G on the rise, you can’t afford to take a reactive approach. After all, 5G is brand new. It’s moving too quickly and it’s bringing new challenges that many of them haven’t seen before.

Instead, you can take a proactive response like threat modeling. One of the central benefits of threat modeling is its potential to help the entire business by pushing key stakeholders to take a second look at how the business works. It takes into account the fact that threats continue to evolve. As such, it steers away from getting comfortable in an outdated risk profile. Instead, businesses can move towards “living security documents” that they can reassess over time.

Creating a living document begins with a discussion. By sharing knowledge with each other, stakeholders can then work together. This makes it easier to create new methodologies and tools that can help to ensure you’re addressing risks in an effective way.

In the end, threat modeling is a process. It works over the long term, and needs work over the long term as well. You might need to repeat solutions so people know them well during subsequent risk evaluations and threat model analyses. That way, your team can confirm they’ve closed out associated risks in an ongoing manner. That’s the only way to find new and emerging threats, including those that 5G brings, before they find their way into their environments.

Security – A Crucial Part of 5G’s Potential Success

Threat modeling is critical in the age of 5G because it’s essential in any telecommunications revolution. If 5G is going to catch on, security teams need to prevent malicious actors from misusing it. It also means that operators need to address the privacy concerns of 5G from the start. These efforts require a proactive approach that only threat modeling can provide.

More from Mobile Security

Juice jacking: Is it a real issue or media hype?

4 min read - You get off a flight and realize your phone is almost out of battery, which will make getting an Uber at your destination a bit challenging. Then you see it — a public charging station at the next gate like a pot of gold at the end of the rainbow. As you run rom-com style to the USB port, you may briefly wonder if it’s actually safe from a cybersecurity perspective to plug in your phone. The answer is technically…

Third-party app stores could be a red flag for iOS security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

A view into Web(View) attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today