Vulnerabilities in 5G network slicing

05 July 2021 | Silke Holtmanns

Cover

Silke Holtmanns

Blog Author | Guest contributor

Cover

Dr. Silke Holtmanns, head of 5G security research at AdaptiveMobile Security, sets out a roadmap to tracking and solving insidious data extraction attacks

5G networks have the potential to revolutionise society and dramatically alter our everyday lives. Industries will change and new business models will be created as mobile telecoms are drastically transformed. Yet 5G technology comes with significant security challenges that could lead to attacks, such as location tracking or data leakage.

With the huge increase in more sensitive and valuable data in the 5G core network comes an increase in the interest of cybercriminals, hackers and nation state adversaries in getting access to this data. A recent in-depth analysis of the design of 5G core network slicing revealed a fundamental vulnerability that has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G network, leaving enterprise customers, in particular, possibly exposed to malicious cyberattack.

While 5G network slicing will without doubt be highly useful in the 5G era, it also contains massive vulnerabilities that could potentially be exploited by cybercriminals and nation state adversaries. One such example that is highly intrusive and dangerous is called user data extraction – a type of vulnerability that allows hackers to track the location of the user or extract data for blackmailing.

5G mobile device locations being tracked

Real-life location tracking attacks by mobile surveillance companies used by nation state adversaries have previously been exposed across other generations of mobile networks, including how location tracking is done via SS7, Diameter and Simjacker attacks. It is a threat vector that is already in the toolkit of surveillance companies.

With 5G, a cybercriminal comprising an edge network function connected to the operator’s service-based architecture could exploit a flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises. The impact is that the operator and its customers are exposed to the risk of loss of sensitive location data.

The combination of more mobile operators beginning to create multiple live network slices on their networks, verticals expanding their service offerings on the 5G network and the accuracy of location tracking with 5G means the risk posed by data extraction will become even greater.

Solving the data extraction issue: filter and validate

To address this data extraction threat, we first need to take into account that there are many identities in 5G when network functions talk to each other. Those identities need to be consistent and cross-checked.

Questions need to be asked: Does this customer belong to this slice? Does this authorisation token match the IP address and the instance ID? Then, additional checks would need to be made and, most importantly, a system monitoring the implementation of these checks needs to be created.

While the complexity of 5G offers unknown flexibility, it also provides a huge challenge in configuration and security validations. Using an enhanced filtering and validation approach – combining information from different layers – protocols that also integrate external latest threat information could be a way forward.

The success of 5G depends on the integration of partners from industry but, with the introduction of many new partners on the 5G network, the risk of a compromise is much higher than ever before. The filter and validate approach allows division of the network into security zones, safeguarding the 5G core network.

Cross-correlation of attack information between those security network functions maximises the protection against sophisticated attackers, allows better mitigations and, indeed, faster detection of location tracking, denial of service attacks, data leakage and fraud.

Securing the 5G future

Following the disclosure of this vulnerability in 5G core network slicing design by AdaptiveMobile Security, the 3GPP and GSMA are working on the mitigation of vulnerabilities, including the threats posed by data extraction outlined above. But this remedial work to the standards will require some time to complete, and then even more until it is seen in product updates.

To protect mobile networks against ever-evolving threats, it is necessary to avail of the latest in threat intelligence, to monitor and filter to detect anomalies and attacks quickly, and not to rely on the year-long cycle of standards and products.

Security in 5G networks is not built-in, as we have been promised, and major vulnerabilities have already been exposed even before the technology has been deployed. To address this, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators and vendors.