Four US Intelligence agencies warn about attacks in which cybercriminals and nation-state adversaries exploit 5G networks for gathering intelligence. Attackers successfully compromise networks due to vulnerable supply chain points, inadequate implementation of telecom standards, and weaknesses in system architecture.
Such flaws in 5G networks make organizations relying on them lucrative targets and pose major cybersecurity risks.
On Monday, the US National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), the Department of Homeland Security’s (DHS) Cybersecurity, and Infrastructure Security Agency (CISA) published an analysis that identifies and assesses risks and vulnerabilities introduced by 5G adoption.
“As new 5G policies and standards are released, there remains the potential for threats that impact the end-user,” the report said. “For example, nation states may attempt to exert undue influence on standards that benefit their proprietary technologies and limit customers’ choices to use other equipment or software.”
The agencies say adversarial nations are trying to influence the development of technical standards in order to pave the way for adopting untrusted proprietary technologies that could be difficult to update, repair, or replace.
The report also mentions that the optional security controls in telecommunication protocols that may not be implemented by network operators leaving the door open to malicious attacks.
NExt, the agencies describe the risks connected to the flaws in the supply chain. Components from third-party suppliers could be counterfeit, compromised, or infected with malicious code during the development process, so that threat actors can exploit these flaws later.
“Compromised counterfeit components could enable a malicious actor to impact the confidentiality, integrity, or availability of data that travels through the devices and to move laterally to other more sensitive parts of the network,” according to the analysis.
According to experts, weaknesses in the 5G architecture itself could lead to a variety of attacks. The need to support the 4G legacy communications infrastructure, for example, presents its own inherent flaws that could compromise the whole network.
In addition, the analysis describes risks currently linked with spectrum sharing on 5G networks:
“To reach its potential, 5G systems require a complement of spectrum frequencies (low, mid, and high) because each frequency type offers unique benefits and challenges,” the report detailed. “With an increasing number of devices competing for access to the same spectrum, spectrum sharing is becoming more common. Spectrum sharing may provide opportunities for malicious actors to jam or interfere with non-critical communication paths, adversely affecting more critical communications networks.”
Highlighting weak policies and standards and flaws in supply chain and 5G systems architecture, agencies say policymakers and manufacturers must evaluate risks posed by transitioning to the new wireless technology to ensure the deployment of secure and reliable 5G infrastructure.