Industry Urged to Prioritise Security in 5G

Posted May 2018

(Written by Michael Carroll for Mobile World Live, 31/05/2018. To read the article on the Mobile World Live website, click here)

LIVE FROM GSMA MOBILE 360 SERIES – PRIVACY & SECURITY: Steve Buck, COO and product director at Evolved Intelligence (pictured), issued a rallying call for the industry to address security flaws carried through from 2G networks when developing 5G technology.

In a keynote, Buck said too few network operators have deployed critical security measures which would help protect consumers and enterprises from hacking. For example, “a few per cent” of operators have deployed firewalls on interconnect circuits: in 5G “we need to do something about it”, he said.

The executive explained security has not necessarily improved as networks evolved from 2G through 3G to 4G. “In 2G, on interconnect security, we didn’t think about it” he noted, adding the protocols didn’t change with the rollout of 3G technology and, if anything, “we made it weaker” in 4G due to a reduction in signalling security.

There is “no security at all, really” on 4G in terms of signalling. “You can’t really tell who’s sending stuff because it just goes back the way it came.”

On the flip side “the radio protection has got better” through the technology evolution, he said.

Buck praised 3GPP for defining standards for 5G security, noting it’s better to install it from the off than attempt to retrofit.

Beyond mobile networks, IoT presents fresh security challenges. Buck believes devices are a “fundamental flaw” offering an easy point of attack and flood networks with malicious traffic.

This presents a challenge to operators, because none of them can really afford to deny an IoT device access to the network. Buck said the same level of type approval used in radio networks must be applied to IoT devices to overcome the problem, but noted “that doesn’t seem to be happening” at present.