German security researchers recently joined tech companies such as Microsoft and NEC in their concerns about the security, and maybe the too-fast adoption of critical 5G technologies, IEEE Spectrum reports. In July, Karsten Nohl, founder of Berlin-based Security Research Labs, revealed at the May Contain Hackers 2022 event that his team managed to breach live 5G networks in a series of “red teaming” exercises. These are when a company hires hackers to test their network defense systems. Nohl said his team was able to take over the network in most cases, which would have allowed them to steal customer data or disrupt their operations.
Why 5G networks can be hacked
Poorly configured cloud technology played a big role in why these hacks were possible, according to IEEE Spectrum. Cloud technology is a key component in 5G networks, but a lot of telecom companies don’t have much experience in protecting their systems, Nohl said. His team found that operators hadn’t applied even basic cloud security techniques that could help shield their systems from hacks.
“5G has swept over telcos with all its implications, and nobody seems well prepared,” Nohl said during the conference. “We are introducing new technology into mobile networks, and those technologies can greatly enhance the security of our mobile networks. Or they can basically destroy any hacking resistance we’ve built up over the years. People are not aware of those choices.”
In the past, mobile operators have looked to vendors such as Nokia, Ericsson and Huawei and their proprietary hardware to build their networks. The recent push to virtualize network functions, which includes copying key components in software so they can run on generic hardware or in the cloud, comes with benefits, but also makes 5G networks more complex, Nohl said.
As 5G networks become more complicated, the need to automate network management increases. Additionally, when software and services from different companies are being used, more people get involved with development. This leads to more chances for errors and misconfigurations. And when the window opens for mistakes, it becomes a lot easier to break into these virtualized networks.
What’s at risk when 5G networks are hacked
Some of the entry points Nohl’s team found during the red teaming exercise included a backdoor that had been posted on the Internet, and an old development site that was left online accidentally.
However, Nohl noted that how easily hackers can get into a network isn’t the biggest issue. The main problem is the level of difficulty involved with breaking through from the initial foothold to something that’s of real value within that network.
Nohl’s team was concerned with how easy it was to move deeper into the networks they test. Poorly configured “containers,” self-contained packages that house an application and all components needed to run it so it can be used on any hardware, were the primary reason it was so easy to hack and navigate the company’s network.
These containers are a vital piece of the cloud because they let different companies’ or departments’ apps run alongside one another on the same servers. Containers should be separated from each other, but poor configuration leaves them vulnerable for “break ins” and hackers can access other containers or the host system. Nohl and his team found misconfigured containers and did exactly that, IEEE Spectrum reports.
How 5G hacks can be prevented
Inexperience is a key factor in why companies struggle to keep their networks secure, but it’s not the only one, Nohl said. Unfortunately, some telecom companies are also taking shortcuts such as “lifting and shifting” pre-existing software components into containers. When this happens, a lot of the settings meant to separate containers from each other keep the software from working properly. Meanwhile, developers are removing these protections instead of rewriting code.
“Those shortcuts we see everywhere now,” Nohl said.
“Network operators are having to move into a new operating model that’s significantly different than what they’ve done in the past,” Eric Hanselman, chief analyst at 451 Research, told IEEE Spectrum. “The reality is that telcos have never had to deal with these levels of software development or low-level infrastructure management before. They always rely on their suppliers for this.”
As Open RAN becomes more prominent and networks are being virtualized and “cloudified,” operators are gaining more choice and functionality, but they also find themselves in the unfamiliar role of system integrator and are suddenly in charge of securing the supply chain.
Xavier Costa Pérez, head of 5G networks R&D at NEC Laboratories Europe, isn’t as sure that operators are falling behind when it comes to 5G security, however, IEEE Spectrum reports. Costa Pérez noted major enterprises are investing in security and teaming up with cloud providers to leverage their security expertise.
“It’s critical for survival, so I don’t think it’s taken lightly at all,” he said.
Costa Pérez also noted that highly virtualized networks currently account for less than 10 percent of the 5G infrastructure. Plus, operators have backup 4G networks that they can switch to if an issue arises.
On the other hand, Dmitry Kurbatov, cofounder of telecom security startup SecurityGen, said he believes security “often appears to be an afterthought” instead of being part of the development process from the beginning.
“I saw it many times when security teams were invited to the party when all is done and almost finished,” he said. “The security guys have a very short time slot in order to fine-tune it — if they are actually allowed to touch it.”
Despite this, Kurbatov is optimistic about the move to 5G, Spectrum IEEE reports. His positive outlook stems from the fact that operators can take charge when it comes to their network security. In the past, they were forced to trust their vendors.
“You actually can have full visibility and control over (5G) systems and functions, which means now you have the chance as the network owner to be much more secure,” Kurbatov said.