5G is just around the corner. With its blazing fast speeds and lower latency, the way we use technology is bound to change forever and in every way. As these fascinating developments unfold, security will have to undergo significant changes as well. But will the arrival of 5G technology be a boon to security or present a whole new set of problems for the industry to address?

Do some digging, and you’ll find conflicting schools of thought about 5G security. On one hand, research from Ericsson asserts that security has been built into 5G from the ground up; on the other, an Inverse report warns that 5G’s inevitable internet of things (IoT) wave could create massive security headaches.

Is there cause for concern, or will this be business as usual?

Prepare for Broad Upgrades

Let’s start with the positives. Security considerations aside, it’s hard not to marvel at the potential applications that 5G will pioneer. Holograms via mobile? Check, according to CNET. Augmented (AR) and virtual reality (VR) on a mobile network? Check, according to Forbes. The same goes for boosts to self-driving cars, remote medicine and especially the Internet of Things (IoT), according to USA Today.

As for security, the Ericsson white paper underscored five core properties built into 5G networks: resilience, communication security, identity management, privacy and security assurance.

According to the paper, “5G security provides a level of trustworthiness that enables the 5G system to meet the requirements of the vast majority of these use cases from the end user, service provider, and regulatory perspectives. The trustworthiness not only originates from a set of security features, but also from system design principles and implementation considerations that have all been applied with a holistic and risk-based mindset.”

Game-Changing Distinction, Game-Changing Risks

Rod Soto, director of security research for Jask, said he has kept track of the security ramifications of 5G and maintained that it’s still a work in progress. One security aspect that stands out, however, is network slicing.

“I think this will be fundamental for 5G deployment: the capacity for different networks and services to share the same infrastructure but be isolated and segregated from each other,” Soto said. “This is very important as we are looking at devices that will process sensitive information from public safety, critical infrastructure and health care.”

Soto hopes the new standards address both past and current threats, such as international mobile subscriber identity (IMSI) catchers and distributed denial-of-service (DDoS) attacks, since the higher bandwidth and faster speeds may amplify threats under 5G.

Scale Security to Rapid Growth

Due to these same qualities, the further escalation of IoT devices is imminent, and this will expand the already oversized attack surface. For Soto, there’s a serious business concern that this technology will allow the addition of billions of connected devices, potentially without proper network isolation, segmentation or a shared system of verification and trust.

“5G may become a technology that enables larger and more destructive attacks,” he warned. “It will have to deal with the current vulnerabilities and flaws we see on the internet infrastructure as well. It is important that 5G does not become an attack enhancer — think of bigger botnets, faster exfiltration of data and privacy violation.”

If you think we’re struggling with privacy issues now, according to Soto, 5G may exacerbate things. Consider all the IoT appliances we’ve already hooked up to our home and business networks; all the security cameras and devices we hope will protect us could be making us more vulnerable.

“Current and new home technologies will reach deep into what we say, what we eat, what we do,” said Soto. “5G does not eliminate internet technology flaws, and, in my opinion, may enhance them.”

How to Build Next-Generation Security for 5G Technology

What can enterprises do to prepare for this new technology? First and foremost, like any technology, embrace it with caution. No matter how convenient it may seem to connect something to your network, it is critical to ensure secure deployment above all else.

“If this new technology does not provide a high level of isolation [and] segmentation from the rest of the world … it should not be adopted without the proper mitigations, as it will likely enlarge the attack surface and damage,” Soto said. “Things such as smart city technologies and critical infrastructure sectors such as transportation will be prime targets.”

For 5G to flourish from a security standpoint, Soto said its new standards must correct past security flaws. If they’re unable to do so, adopting this technology should be understood as accepting higher risk.

“As we embrace and get used to new standards of bandwidth, we will allow new technologies and machines [to] do tasks that we will, in turn, depend on heavily and become vulnerable, specifically in things such as self-driving cars or medical technology that requires always-on monitoring,” he said. “Infrastructure failure could prove to be very harmful.”

We need to understand that the more connected we are, the more vulnerable we are. Let there be no confusion: As a new technology, the security built into and around 5G is impressive. The problem is that all the benefits it brings also expose and amplify the security issues we’ve been facing since the dot-com boom.

More from Endpoint

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

X-Force Prevents Zero Day from Going Anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

8 min read

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

12 min read - ‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

12 min read