There is a lot of excitement over 5G’s promise of blazing speeds, lower latencies, and more robust security than 3G and 4G networks. However, the fact that each network operator has its own timetable for rolling out the next-generation cellular technology means early 5G will actually be a patchwork of 2G, 3G, 4G, and 5G networks. The upshot: For the next few years, 5G won’t be able to fully deliver on its promises.
The fact that 5G networks will have to interoperate with legacy networks means these networks will continue to be vulnerable to attacks such as spoofing, fraud, user impersonation, and denial-of-service. Network operators will continue to rely on GPRS Tunneling Protocol (GTP), which is designed to allow data packets to move back and forth between different operators’ wireless networks, as may happen when a user is roaming. (GPRS itself stands for General Packet Radio Service, a standard for mobile data packets.) Telecom security company Positive Technologies said in a recent report that as long as GTP is in use, the protocol’s security issues will impact 5G networks.
GTP was initially introduced during the upgrade from 2G to 3G, and it remains widely used with 4G because it makes it possible to fall back to legacy technologies when a dependable, higher-speed signal is not available. Most operators have GTP so it acts as the common link to seamlessly hand off data packets across networks. When a 5G device switches to 3G or 4G, which it will inevitably do as carriers are deploying 5G in stages, it will be susceptible to attacks exploiting vulnerabilities in GTP.
GTP has a number of well-known, fundamental security flaws that leave networks vulnerable to attack. One of the core flaws is the fact that it does not validate the user’s physical location, making it possible for an attacker to spoof their traffic’s location, says Jimmy Jones, a cybersecurity expert at Positive Technologies.
Another flaw is that attackers can impersonate other subscribers, either by stealing credentials or spoofing user session data and a real phone number. Attackers can use this to access network services. The impersonated subscriber may have to pay for charges incurred, or if the attacker used fake credentials, the operator is left on the hook with no one to bill.
Lastly, an attacker can send requests to open up multiple data connections on a single access point in a denial-of-service attack. This attack exhausts the access point’s available connections, so legitimate subscribers are unable to reach the Internet. Because an operator typically supports all its subscribers in a particular region on a single node, an attack against that node could potentially knock all the subscribers in that region offline.
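A defender-side plausibility check for the first and third flaws described above, as an added example that is not from the article or from Positive Technologies: it compares the serving network a create-session request claims with the roaming partner that sent it, and flags a peer opening many connections on one access point in a short window. The record fields, partner table, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed allow-list: roaming partner GTP peer ranges -> PLMN (MCC+MNC) they may claim.
PARTNER_PLMNS = {
    ip_network("192.0.2.0/28"): {"00101"},
    ip_network("198.51.100.0/28"): {"00102"},
}
MAX_CREATES = 3       # assumed threshold: create requests per peer+APN per window
WINDOW_SECONDS = 10


def check_create_requests(records):
    """Return (timestamp, peer, reason) alerts for decoded create-session records."""
    alerts = []
    recent = defaultdict(deque)  # (peer, apn) -> timestamps inside the window
    for r in sorted(records, key=lambda rec: rec["ts"]):
        peer = ip_address(r["peer"])
        allowed = next((p for net, p in PARTNER_PLMNS.items() if peer in net), None)
        if allowed is None:
            alerts.append((r["ts"], r["peer"], "unknown-peer"))
            continue
        # GTP itself does not verify where the subscriber is, so compare the
        # serving network claimed in the message with the partner that sent it.
        if r["serving_plmn"] not in allowed:
            alerts.append((r["ts"], r["peer"], "location-mismatch"))
        # Flag a peer opening many connections on one access point in a short time.
        q = recent[(r["peer"], r["apn"])]
        q.append(r["ts"])
        while q and r["ts"] - q[0] >= WINDOW_SECONDS:
            q.popleft()
        if len(q) > MAX_CREATES:
            alerts.append((r["ts"], r["peer"], "session-flood"))
    return alerts


# Constructed sample records (documentation IP ranges, test PLMN codes).
SAMPLE = [
    {"ts": 0, "peer": "192.0.2.1", "serving_plmn": "00101", "apn": "internet"},
    {"ts": 1, "peer": "192.0.2.1", "serving_plmn": "00102", "apn": "internet"},
    {"ts": 2, "peer": "203.0.113.9", "serving_plmn": "00101", "apn": "internet"},
] + [
    {"ts": 20 + i, "peer": "198.51.100.2", "serving_plmn": "00102", "apn": "iot"}
    for i in range(5)
]

if __name__ == "__main__":
    for alert in check_create_requests(SAMPLE):
        print(alert)
```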
These vulnerabilities aren’t part of the 5G protocol, but most 5G network deployments are non-standalone, Jones said. Non-standalone means the network interoperates with legacy networks, usually via GTP.
“Faults in the GTP protocol directly impact 5G networks,” Jones said.
Every discussion of the benefits of 5G—the faster speeds and staggering amounts of data—assumes that every network, or nearly every network, is using 5G. But that’s not how telecom companies are rolling out the next generation of wireless. They are going in stages and focusing on low-band 600-MHz spectrum, primarily because the sheer size of most networks makes it impractical to do a full-scale replacement at once. It will take time to build out the infrastructure to get to that level of capacity and service, Jones said.
For at least the next few years, 5G networks will be linked to legacy networks in this way, as operators focus on building out 5G in specific areas and connecting those hotspots with a 4G backbone. For example, Verizon Communications CEO Hans Vestberg said during a recent J.P. Morgan investor conference that Verizon has been rolling out 5G in dense urban areas in the United States and will be using 4G and 3G to maintain coverage over rural areas for the time being.
Another reason 5G networks will be non-standalone for the near future is that operators are concerned about interoperability. They have different timetables on how they are going to deploy the infrastructure. Even if one carrier decides to do a wholesale replacement and go straight to 5G, other carriers that it works with may not make that same decision.
And when telecom companies finish their deployments, they’ll still need to implement additional security controls for subscriber authentication and authorization—on top of 5G’s built-in security protections—to address the security gaps in GTP, Jones said. Even when standalone 5G is in place, GTP vulnerabilities may exist because mobile technologies such as text messaging still rely on GTP.
“Transitions always seem to introduce a certain amount of chewing gum and baling wire to get stuff to work and this is one that’s left over from 3G!” said Eric Hanselman, the chief analyst for 451 Research, part of S&P Global Market Intelligence.
Operators in Japan and South Korea may be finished with their 5G deployments in five years, but the pace will be slower in Europe and the United States because “there is less inclination” to make the shift, Jones said.
"GTP security issues will not go away completely even after the transition to 5G standalone," Jones said.