pinit_fg_en_rect_red_20 GEN - The History of Cellular Network Security Doesnt Bode Well for 5G

Theres been quite a bit of media hype about the improvements 5G is set to supposedly bring to users, many of which are no more than telecom talking points. One aspect

of the conversation thats especially important to get right is whether or not 5G will bring much-needed security fixes to cell networks. Unfortunately, we will still need to be concerned about these issuesand morein 5G.

Past security flaws in the design of cell network infrastructure are being used for everything from large scale SMS spamming to enabling dragnet surveillance by law enforcement and spying in DC via cell site simulators (a.k.a. Stingrays, IMSI-catchers). Longtime cell network security researcher Roger Piqueras Jover has recently published a short but comprehensive reflection on the history of the cell security research that uncovered much of those flaws, and with it, his view of the security outlook for 5G.

Jover draws attention to how rapidly the field of cell network security research has been accelerating. It took researchers over 10 years after GSM was first standardized and deployed to find the first security flaws in the GSM (2G) protocol. For LTE (4G), it took approximately 7 years. Fast forward to the 5G standard, which was finalized in March 2018. While there are currently no commercial implementations of 5G widely in use yet, researchers have already discovered over 6 critical security flaws in this new protocol.

Standardization efforts simply arent keeping up with the rapid rise of critical security flaws. The group responsible for maintaining the standards and incorporating security fixes (the 3GPP) primarily consists of big players in the telco industry, who dont have much incentive to come up with and incorporate the critical user privacy fixes that are needed.

On the positive side, Jover points out that there are increasing efforts from researchers to explore potential fixes for many of the security problems in cell networks. In the recent past Ericsson has stepped up their efforts to fix some of the vulnerabilities in 5Gs identification and authentication procedures (i.e. the process that takes place between a mobile phone and a cell tower when each is verifying the other is who they claim to be). Similarly, researchers recently published a proof-of-concept paper proposing a PKI (public key infrastructure) & digital certificate system for the connection between mobile phones and cell towers (similar to SSL certificates and HTTPS).


Despite these efforts, for real change to take place, it must come from within: the 3GPPs biggest players need to embrace the work required to fix the fundamental flaws that have plagued cell networks for years. Until then, our mobile devices are still vulnerable to being caught up in dragnet and targeted surveillance attacks. As it stands, 5G wont be any sort of panaceafor increasing security, for improving wireless accessibility, or for solving the issues of broadband monopolies that contribute to each of these.