Go back to Insights >
Smart Cities

White Paper: Exploring 5G System Security & Weaknesses

Fifth generation mobile networks (5G) are currently being deployed by mobile operators around the globe. 5G acts as an enabler for various use cases and also improves the security and privacy over 4G and previous network generations. However, as recent security research has revealed, the standard still has security weaknesses that may be exploitable by attackers.

Christopher Schouten
Christopher Schouten
Sr. Director Marketing, Kudelski IoT
Updated on
June 13, 2023
Tweet this
The twitter symbol

In addition, the migration from 4G to 5G systems is taking place by first deploying 5G solutions in a non-standalone (NSA) manner where the first step of the 5G deployment is restricted to the new radio aspects of 5G, while the control of the user equipment is still based on 4G protocols, i.e. the core network is still the legacy 4G evolved packet core (EPC) network. As a result, many security vulnerabilities of 4G networks are still present in current 5G deployments.

The paper by Kudelski IoT Principal Security Engineer Gerrit Holtrup - co-authored with William Lacube, Dimitri Percia David, Alain Mermoud, Gérôme Bovet and Vincent Lenders - presents a systematic risk analysis of standalone and non-standalone 5G networks.

  • We first describe an overview of the 5G system specification and the new security features of 5G compared to 4G.
  • Then, we define possible threats according to the STRIDE threat classification model and derive a risk matrix based on the likelihood and impact of 12 threat scenarios that affect the radio access and the network core.
  • Finally, we discuss possible mitigations and security controls. Our analysis is generic and does not account for the specifics of particular 5G network vendors or operators.

Further work is required to understand the security vulnerabilities and risks of specific 5G implementations and deployments, but we hope you'll find our work useful.

Our paper can be found at https://arxiv.org/abs/2108.08700.

This paper is an example of the kind of threat assessment work Kudelski IoT does for our customers. To learn more about our capabilities, please visit https://www.kudelski-iot.com/services-and-systems/iot-security-by-design-services.