5G is here, and it is definitely changing 21st century technology. The fifth generation of wireless connectivity marks a new era for devices of all kinds, serving as critical infrastructure to promote the digitization, automation and connectivity of machines, robots, smart appliances, transport solutions and more. In addition to advanced infrastructure technologies - smartphones, computers and Internet-of-Things devices are extremely prevalent in every home - and they’re getting smarter. With the increased demand for connectivity and 5G-enabled IoT devices, vendors are rushing their products to be the first on the market, trying to beat out the competition on the way. According to Statista, there will be a whopping 74 Billion connected devices by 2025. Even last month’s Black Friday deals on next generation smartphones and smart devices may very well have equipped another couple million Americans with 5G-compatible devices. But despite the excitement and hype around smart technologies, this race-to-market is creating a gaping hole where strong security and advanced technology must meet. Vendors are sacrificing security testing, allowing potential vulnerabilities to remain hidden in the backend of devices.
We all get the chills when we think of a smart car hack, but a much more likely scenario, and one we're less likely to spend time thinking about is whether your smart picture frame is secure or not. Do we care? Worst case – some malware makes it stop working, or it goes haywire, right? Well, not really. It’s true that the specific damage to a cheap, consumer electronic device isn’t such a big deal, but malicious access to any device on your network may very well allow cyber attackers to get in, move laterally, and access other devices that would otherwise be inaccessible, or harder to attack. It's more likely that hacked picture frame keeps working just fine, and now you have a threat living inside your network. In simpler days, we used to count the number of device types in a network on one hand, but today’s networks are brimming with a wide range of internet-connected devices, each with their own operating systems and vulnerabilities, and each one – a possible open door for attackers to enter and breach the network.
The colossal amount of internet-connected devices in our near future also creates an opportunity for very large-scale DDoS attacks. Attackers will be able to utilize the faster speeds of 5G to widely scan for vulnerable networks and infect huge numbers of machines. Then, they can generate massive amounts of synchronized traffic on that same speedy 5G network. IoT DDoS attacks have been around for a while, with the Mirai botnet utilizing thousands of cameras, routers, and digital video recorders to bring down websites including Twitter and the New York Times in 2016. We can just imagine the impact of a botnet attack on a network that is 10 times faster.
5G's faster speeds let attackers extract and download victim information in a much shorter time than before. Security detection solutions will have to multiply their speeds to keep up. Lower latency, increased bandwidth, and network slicing will also allow a variety of new applications not available with 4G technology, and it will come as no surprise if a new set of malware types and exploits appear for them. Security practitioners will face an even smaller window of time to detect and prevent breaches.
Securing 5G will require security companies to create an integrated approach to the different technologies and connection points. Interactions between authentication, encryption and mobility should be taken in to consideration together, with solutions built accordingly. End-to-end encryption will also be a must in ensuring IoT security in the 5G era. Companies, businesses and industries will have to understand the increased risk of 5G technology, and be mindful of their cyber-physical dependencies. To prevent a cyber security attack on their network, they will also need constantly update their IoT devices and perform network monitoring, as well as implement proactive security measures, securing the supply chain from end-to-end, and strengthen their vulnerability management processes.