What the military can teach us about combatting 5G attacks

By Morey Haber, CISO and CTO of BeyondTrust

5G is expected to provide connectivity to everything while performing data transfers at speeds that far exceed anything we have seen in the past. It’s heralded as the disruptor of mobile device technology, overthrowing 4G, LTE, and older 3G and 2G technologies. Home and commercial broadband and internet access is set to transform, not requiring cable, satellite, or even fibre to provide high-speed access. On top of this, we will see new applications for information sharing emerge between devices, people, transportation, infrastructure, and automation.


Overall, 5G promises a new golden age of communication: barring privacy and government restrictions, anything can be connected at any time via high-speed communications. However, the security ramifications are a potential concern for everyone, everywhere.


According to Verizon Wireless, the throughput of 5G will peak at 10Gbps and will be accessible to devices traveling at 310 mph. This means any 5G-enabled device (mobile phone, IoT, or other) will be able to transmit or receive incredibly large quantities of data, even when traveling at speeds above any land-based transportation, and nearly half the speed of a commercial airplane. This creates a new attack vector for threat actors that the world has not seen before. For example:


  • Large quantities of data can be exfiltrated from an organisation in a few seconds via a 5G-enabled device.
  • Exfiltrating large quantities of data no longer requires hacking the cloud, relying on removable media, or egressing data via a firewall. The data can be routed through a cellular network by a malicious 5G device that has access to an organisation’s information.
  • Threat actors can now use “true drive-by” hacking techniques to communicate with rogue or compromised 5G devices to exfiltrate data, perform command and control, or maintain a persistent presence because communications to compromised or rogue 5G devices can occur at high velocities.
  • Finally, 5G represents a new attack vector for Distributed Denial of Service (DDoS) attacks. Due to the high bandwidth, low latency (up to 120x less than 4G), mobile nature, and potential difficulty with tracking geolocation due to privacy settings from carriers, infected 5G devices could be the largest botnet to attack “anything” since the Mirai botnet.


These challenges should not stop the deployment of 5G. In fact, enterprise cyber defences for these new types of attacks may begin to employ certain military tactics. These include:


  • Using “jammers” to block communications from within sensitive networks and buildings that may allow access to data via traditional wired or wireless networks. While these are considered illegal today, changes will be required to protect sensitive environments, especially government installations.
  • For the most sensitive environments, organisations may want to consider deploying a “no electronic devices allowed” policy for anyone entering a data centre or network-accessible building. This typically requires that all staff and visitors store all of their electronics in a secure locker before entering a building. This should help reduce the risk of a threat actor bringing in a rogue 5G device, but it does not eliminate the threat if they conceal the device and it is small enough (e.g. a Raspberry Pi equipped with 5G, Ethernet, and hacking software).
  • Organisations may also consider a commercialised electromagnetic pulse generator (EMP) to “fry” any electronics in a staging room before a user enters the secure area. This is a technique that governments have been using to protect against hostile surveillance equipment for years.


While the threat of hacking using 5G is very real, organisations may also want to adopt one simple additional policy: no bridging of 5G-enabled devices to the corporate network. That is, if your device is 5G-enabled, do not allow wired, cellular, and wireless connections to be active at the same time. While this is not perfect, it does prevent a 5G device from becoming a gateway into a network.
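One way to audit the no-bridging policy, as an added example that is not part of the original article: the script flags endpoints whose cellular interface is up at the same time as a wired or Wi-Fi interface. It assumes Linux hosts, `ip -br link` output collected per host, and the usual interface name prefixes; the host names and sample output are constructed.

```python
"""Flag endpoints where cellular is up alongside wired or Wi-Fi (added example)."""
# Assumption: Linux name prefixes (ww* = cellular modem, en*/eth* = Ethernet,
# wl* = Wi-Fi). A phone tethered over USB usually appears as Ethernet
# (usb0, enx...), so name-based classification will not see it as cellular.
PREFIXES = (("ww", "cellular"), ("en", "wired"), ("eth", "wired"), ("wl", "wifi"))

def classify(ifname):
    for prefix, kind in PREFIXES:
        if ifname.startswith(prefix):
            return kind
    return None  # loopback, tunnels, bridges and anything unrecognised

def active_kinds(text):
    """Parse `ip -br link` text; return {kind: [ifnames]} for links that are up."""
    active = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        name, state = fields[0].split("@")[0], fields[1]
        flags = fields[-1].strip("<>").split(",")
        # Modem drivers often report operstate UNKNOWN while carrying traffic.
        up = state == "UP" or (state == "UNKNOWN" and "LOWER_UP" in flags)
        kind = classify(name)
        if kind and up:
            active.setdefault(kind, []).append(name)
    return active

def bridging_violations(inventory):
    """inventory: {host: `ip -br link` text}. Return hosts that break the policy."""
    findings = {}
    for host, text in inventory.items():
        kinds = active_kinds(text)
        corporate = kinds.get("wired", []) + kinds.get("wifi", [])
        if kinds.get("cellular") and corporate:
            findings[host] = {"cellular": kinds["cellular"], "corporate": corporate}
    return findings

# Constructed sample: `ip -br link` output from three hypothetical laptops.
SAMPLE = {
    "laptop-01": "enp0s31f6 UP 02:00:00:00:01:01 <BROADCAST,MULTICAST,UP,LOWER_UP>\n"
                 "wwan0 UNKNOWN <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP>\n",
    "laptop-02": "enp0s31f6 DOWN 02:00:00:00:02:01 <NO-CARRIER,BROADCAST,MULTICAST,UP>\n"
                 "wwan0 UNKNOWN <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP>\n",
    "laptop-03": "wlp2s0 UP 02:00:00:00:03:01 <BROADCAST,MULTICAST,UP,LOWER_UP>\n",
}

if __name__ == "__main__":
    print(bridging_violations(SAMPLE))
```

Only laptop-01 is reported, because its modem and Ethernet links are active together; laptop-02 is on cellular alone and laptop-03 has no modem.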


5G will change our lives. The benefits it confers are currently unrealised, and some new ones are solely up to our creativity. But, with tremendous amounts of data and speed pervasively available, it will necessitate the right security and judicious policies. Considering that over 400 million 5G-enabled devices are expected to be shipped in 2022 alone, hacking the devices will become a new attack vector for a persistent presence and potentially the source of innovative hacking campaigns.


It is therefore reasonable to assume that these attacks will require new threat mitigation strategies, and our understanding of how to defend against these mobile high-speed threats will have to evolve too. In some ways, this all represents a security theme that’s been repeated over and over, leading us now to a new phase of hyper-acceleration of data theft based on the convenience and promise of a new high-speed mobile communications technology: 5G.
