View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
November 21, 2019updated 29 Jun 2022 9:37am

European Security Agency Details 58 5G Security Threats in New Report

“Inadequate policies in the management and protection of critical configuration data may lead to unpredictable system behaviour"

By CBR Staff Writer

Today the European Agency for Cybersecurity (ENISA) released a robust report that details a disconcerting 58 viable threats and attack vectors within the 5G network infrastructure currently being rolled out across Europe.

The comprehensive aggregation of the threat landscape for 5G networks covers everything from core network vulnerabilities to virtualisation threats. The report also notes that protecting personal data is set to get tougher the further 5G reaches: “Growing concerns over availability and protection of user data and privacy will exacerbate with the security challenges introduced 5G.”

The report comes just a month after the European Commission issued an EU-wide warning and risk assessment relating to 5G security threats. (Today’s report will be followed by a “5G toolbox”, produced by the NIS Cooperation group and EU member states with ENISA support.)

In last month’s report the EU warned that 5G possess “a major security challenge” and a “new security paradigm”. The ENISA report, published today, adds a more detailed breakdown of the risks.

(The EU estimates there will be 1.5 billion 5G users by 2024.

5g network threats

Credit: ENISA

Core 5G Security Threats

A key concern is that bad actors will abuse the 5G network architecture’s heavy reliance on application programming interfaces (APIs).

ENISA is warning that even one small compromise of an API in the 5G core can put the whole network at risk.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“It is important to highlight that 5G infrastructure will rely on COTS solutions that extensively use open source APIs…The exploitation can target different types of API naming internal network functions, internet working interfaces, roaming interfaces, etc. exposed in different layers of the network.”

The manipulation of network configuration data by threat actors is a huge issue that could affect the security and integrity of the network. In this scenario hackers would compromise a network component such as a SDN controller, orchestration or network function in order to reshape configuration data so they can launch more critical attacks.

ENISA notes that: “Inadequate policies in the management and protection of critical configuration data may lead to unpredictable system behaviour and unauthorised access to critical platforms, with impact on the confidentiality and integrity of the network.”

Other core network threats detailed by ENISA include the malicious diversion of traffic, side-channel attacks, memory scraping and the abuse of lawful interception function. The latter in that list involves a hacker intercepting information in the network that belongs to a law enforcement monitoring facility, so needless to say these aren’t inconsequential threats.

Edge gateways

Edge gateways which process and transmit data from edge devices are open by nature and will see increasing use with the establishment of 5G networks. However, they will also possess a significant risk to the network as threat actors will be able to deploy their own gateway devices that can be used to initiate attacks in the same manner that web based man-in-the middle attacks play out today, ENISA also fears.

Virtualisation Threats

Attackers could potentially target and abuse the interconnected (DCI) protocols that are used by datacentres and are instrument in the operation of virtualised systems. ENISA notes that through the “Exploitation of specific vulnerabilities of Data Centers Interconnect (DCI) protocols (e.g. lack of authentication and encryption). An attacker could create spoofed traffic in such a way that it traverses DCI links or to create a DoS attack of DCI connections.”

Recommendations to Mitigate 5G Network Threats

ENISA believes that all stakeholders in the network need to work together in a transparent manner if the threats to the 5G network are to be mitigated. It also recommends that vendors, operators and verticals have open discussions around the technical and organisational nature of the network.

The agency says closer cooperation, based on a close reading of its report, would speed up the adoption of security requirements and secure 5G practices and will create competitive advantages within the entire EU space.”

See Also: GCP Touts New “Lock Google Out” Encryption Offerings

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.