Fifth generation mobile networks (5G) are currently being deployed by mobile operators around the globe. 5G acts as an enabler for various use cases and also improves the security and privacy over 4G and previous network generations. However, as recent security research has revealed, the standard still has security weaknesses that may be exploitable by attackers.
In addition, the migration from 4G to 5G systems is taking place by first deploying 5G solutions in a non-standalone (NSA) manner where the first step of the 5G deployment is restricted to the new radio aspects of 5G, while the control of the user equipment is still based on 4G protocols, i.e. the core network is still the legacy 4G evolved packet core (EPC) network. As a result, many security vulnerabilities of 4G networks are still present in current 5G deployments.
The paper by Kudelski IoT Principal Security Engineer Gerrit Holtrup - co-authored with William Lacube, Dimitri Percia David, Alain Mermoud, Gérôme Bovet and Vincent Lenders - presents a systematic risk analysis of standalone and non-standalone 5G networks.
Further work is required to understand the security vulnerabilities and risks of specific 5G implementations and deployments, but we hope you'll find our work useful. Our paper can be found at https://arxiv.org/abs/2108.08700.
This paper is an example of the kind of threat assessment work Kudelski IoT does for our customers. To learn more about our capabilities, please visit https://www.kudelski-iot.com/services-and-systems/iot-security-by-design-services.