cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

5G is not the be-all and end-all ...

You're not as private with 5G, apparently.  Location tracking, DoS, and fake notifications can be done because of flaws in the system.  The paging system tries to reduce energy consumption, and, as always, when you try to go cheaper, security suffers.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
7 Replies
Caute_cautim
Community Champion

Why are we so ready to accept, that technologies like 5G are good for us, when plainly the equation is not balanced - the supplier wins out, and others suffer.  We need to be far more cognisant, and keep drilling below the surface to really understand the implications, not simply roll over and accept it as progress - because plainly many times it is not.

 

Regards

 

Caute_cautim

rslade
Influencer II

A bit more on security issues inherent with 5G ...

 

(Not terribly informative, but ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Caute_cautim
Community Champion

True not terribly informative - but it carries on. The consequences are potentially terrible.
mgorman
Contributor II

Thinking through what I am reading here, the biggest take away I get is that for most of what is talked about, the attacked has to be in the same site at the victim.  Furthermore, with 5G, you may need to be in the same beam.  While vulnerabilities certainly may exist, these are geo fenced to a small area.  I also see a lot of shifting from the vulnerabilities in the network to the vulnerabilities the network enables, which is unfair.  If wireless networks are responsible for the poor practices of the deployers of IoT and other systems, then the Internet at large is also at fault, as well as being the problem with viruses, ransomware, IP piracy, and every other evil thing done on a network connection.

 

On the plus side, it heartens me somewhat that researchers are looking at these kinds of things.  It means that they are trying to keep the industry honest, and that they have run out of the really easy things. (Of course not true, but we can hope for the day!)

Caute_cautim
Community Champion

Absorb this latest batch of vulnerabilities around LTE used within 5 G networks and more to come - it has the attention of researchers:

 

https://www.zdnet.com/article/researchers-find-36-new-security-flaws-in-lte-protocol/

 

Regards

 

Caute_cautim

 

 

mgorman
Contributor II

When you look at the list, many of them are DOS, which I can do with an RF source pointed at the antenna, unless the details are more interesting.  It was a 2 year process to clean out the spectrum for LTE in the US from bad cable TV connections, wireless microphones, and the occasional bad fluorescent light.   Spoofing is very interesting, but I wonder how far it gets and what one can do with it, over what geography.  I spent 20 years in wireless data, and know the protocols and call flows listed.  My professional guess is that while they may have found flaws, the difficulty and limitations would make them not very risky. overall.  I could be wrong, not knowing the details here, but as a general rule, I am vastly more concerned with the data the carriers have themselves than with what others might be working to find.

rslade
Influencer II

OK, 5G is definitely going to be a problem.  But usually the problem parts are kind of unintended consequences, the "gee, we didn't think that allowing other people to run stuff on your phone could be misused" type of thing.

 

But this time, it seems to be something that might have been originally intended to be a form of security.  5G has provisions for a sort of virtual LAN type of operation.  And, almost inevitably, somebody has found out how to use it to attack.  You can crash system segments, and also extract user data.

 

Granted, you have to be in a situation where 5G is being used with older technology, but how many people will be in a "pure" 5G environment?  And a fix is being worked on, but that, of course, inevitably leads to situations where you are going to have a mix of "old" 5G and "patched" 5G, so ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468