Warning against the vulnerabilities of the high-speed 5G telecom network, papers submitted at a key security meet have noted that it can provide an excellent platform for middlemen and agents for creating linkages for crimes such as drug trafficking, human and organ trafficking, money laundering and terror financing.
The papers, written by some Indian Police Service officers, were submitted at the just-concluded conference of director generals of police (DGPs) and inspector general of police (IGPs), attended by Prime Minister Narendra Modi. The papers noted that the 5G network is built on easily accessible and open Internet protocols and it inherit all the vulnerabilities of previous generations which make it vulnerable to cyber-attacks and compromising the security of the entire system.
The IPS officers who wrote the papers suggested that a reserved 5G bandwidth and highly secured equipment should be developed proactively for sensitive government related communications and for military usage and only approved and authenticated firms with the least cyber risk or with maximum safety protocols should be allowed to work in for the government agencies. “With crypto currencies and decentralised banking systems gaining further popularity using the real-time 5G networks, the linkages and financial trail will be difficult to trace.
“The 5G can provide an excellent platform for the middlemen and agents for creating linkages for crimes like drug trafficking, human and organ trafficking, money laundering, terror financing, etc.,” the papers said. Apart from the prime minister, the three-day annual conference was attended by Union Home Minister Amit Shah, National Security Adviser Ajit Doval and about 350 top police officers of the country last week-end.
The 5G network core is built on easily accessible and open Internet protocols such as HTTP and Transport Layer Security (TLS). In a Network-Slicing environment, different sub-networks will have different natures of cyber security. Keys for radio interface encryption are delivered across unsecured routes. Vulnerabilities such as IDOR (Insecure Direct Object Reference) could arise.
“The Telco cloud is vulnerable to cyber-attacks, which can compromise the security of the network and the data stored in the cloud,” the papers said. Due to network function virtualisation (NFV), criminals can employ or execute attacks to access and even alter telephone numbers (target lists) to be monitored.
There are several improvements in 5G that support such remote control functions like drones, robotic surgery, etc. but criminals can exploit this aspect too.
Another issue in 5G is the operations of edge computing where processing is done at decentralised inter-communicating nodes close to the user network. This furthers the problem of data collection for security establishments as there is no central node through which data passes.
The papers said the 5G can support millions of Artificial Intelligence (AI) based Internet of Things (IoTs) and devices per square kilometer thus resulting in a massive increase in attack surface for cybercriminals.
Cyber crimes like mobile network mapping, distributed denial of service, draining battery, service degradation, mobile IMSI capture, malware injection, CnC creation, intercepting communication, DNS spoofing, uplink, and downlink impersonations, etc. may be easier to carry out, the papers said.
“During the initial transition phase, future 5G networks will inherit all the vulnerabilities of previous generations.” There is a chance that end-to-end encryption (E2ER) will be included in the standard during the upcoming standardisation process, which is a challenge for law enforcement agencies. The IPS officers wrote that the 5G equipment manufacturers will try to sell the valuable data to the marketers for targeted advertising and this should be monitored to make sure it doesn’t fall into the wrongs hands.
Holistic cyber security is the only solution to this new 5G created ecosystem. Starting from core devices to network layers IoTs and user’s mobile or appliances, everything should be seen as a potential attack point. Suggesting safeguards, the IPS officers noted that the consumer education on IoT security is necessary and equipment should be purchased from trusted sources and not from suspicious sources like China.
“The mobile operators need to adopt a hybrid cloud-based approach where sensitive data is stored locally and less sensitive data stored in the cloud. There is a need for network operators to be alert to the need for resilience of their infrastructure to power outages, natural disasters, misconfiguration etc.,” the papers said.