We all just want our devices to talk to each other, instantaneously, with a clean signal, no latency, and nobody listening in. Is that too much to ask? The promise of secure connectivity is driving the rapid adoption of private LTE networks and—more recently—private 5G networks. According to a study by Mobile Experts, the private 5G/LTE market is on track to hit $10 billion in five years, with an annual growth rate of 20%.
There are countless use cases already. Cellular Internet of Things deployments can support automated industrial processes. Private 5G/LTE networks can provide better reception and faster cellular connectivity for smartphones and other devices within dense office campuses. Applications like connected vehicles, telehealth, and smart cities all require private cellular connectivity.
Still, we have to wonder, is a private cellular network really as private and secure as we would like? What threats still loom over mission-critical devices on private 5G/LTE networks? Can they add a layer of security to business smartphone applications on premises?
What are private 5G/LTE networks?
Private 5G/LTE networks function a lot like public cellular networks, but on a smaller scale. They utilize micro versions of cells and towers to provide coverage and connectivity to a limited area. These networks may operate on spectrum licensed from larger carriers, on unlicensed spectrum, or on certain shared spectrum bands.
Private 5G/LTE networks let businesses take advantage of cellular technology and its multiple advantages. Cellular networks handle heavy traffic better than Wi-Fi over larger areas and offer higher speeds as well as functionality aimed at innovative applications. However, though the name may suggest they are “private” and thus secure, private 5G/LTE networks remain vulnerable to attack.
Why are private 5G/LTE networks gaining popularity?
Private cellular networks are nothing new. Forward-thinking corporations and industrial enterprises have been using them, with the help of telcos or MNOs, for quite some time. From enabling cellular connectivity on corporate campuses to networking large remote operations, some private cellular networks are already deployed on technologies as old as 2G.
The pains that private cellular networks address in enterprises have changed little over the years, but they have grown. To support the applications of Industry 4.0 and the growing number of connected devices, businesses need a reliable, clean wireless spectrum uninterrupted by competing traffic. They also need increased coverage, reliable handover capabilities and, of course, the security and privacy the name itself suggests.
With the maturation of private 5G/LTE network technology, opportunities to introduce a myriad of new use cases and benefits to organizations across verticals became clear to both businesses and service providers. Recently, telecom digital transformation has been fueled by the COVID-19 crisis, which hit the fast forward button on the adoption of private 5G networks in industries like healthcare, manufacturing, logistics, utilities, and public safety.
Why are private 5G/LTE networks vulnerable to cyber attacks?
One of the features offered by 5G that sets it apart from predecessors is a supposed boost to cellular protocol security. Newer devices are also supposed to have better protection in place than older ones.
Despite all that, there are still plenty of back doors and vulnerabilities to consider before deploying a private 5G/LTE network. It’s easy to see why: every type of wireless network is innately vulnerable simply because the connection is right there in the airwaves, reachable by anyone within range.
Top cyber threats to private 5G/LTE networks
To protect a private cellular network from threats, you must first know and understand them—not only to mitigate said threats but also to prepare for the potential fallout of a successful attack.
Let’s review the different use cases for private cellular networks in the context of potential threats.
1. Denial of Service (DoS)
Denial of Service refers to attacks on a device or network that deny connectivity or access to a specific connected service. Automobile manufacturers like Ford and Toyota have started using private 5G networks to improve connectivity at their factories, allowing components such as robotic welders to work together more efficiently. When these components rely on the private cellular network for communication, a DoS attack that disrupts even a single perfectly orchestrated process can shut the entire facility down, incurring serious financial losses.
With a device that impersonates International Mobile Subscriber Identity (IMSI) numbers, hackers can pose as cell towers on an existing network and lure other devices to connect to them by offering the strongest signal on the network. Once the devices are connected to the impersonator, they can no longer communicate with the actual network. These attacks can be difficult to detect and prevent without the right tools at the network level.
2. Mobile Network Mapping (MNmap)
Wireless data-sniffing devices can use identifying data sent over cellular signals to determine what types of devices are connected to the network. This is known as an MNmap attack or device fingerprinting. It can give bad actors access to sensitive information about the devices within a private network and their capabilities.
At the port of Antwerp, private 5G networks are used to streamline communications between tugboats, inspectors, and security services. In such a scenario, it would be essential to eliminate any gaps in mobile network mapping protocols that could be exploited by bad actors looking to conceal physical crimes. For example, illegal trafficking operations that wish to evade detection would want to discover where cellular security cameras are located around the port.
3. Bidding Down (service degradation)
Hackers can use IMSI-impersonating devices to execute DoS attacks, but that’s not all these devices can do. Attackers can also use such a device’s status as a trusted network node to carry out “man in the middle” attacks, in which they send malicious commands to connected devices.
One such attack causes devices to “bid down” to lower-quality network protocols, causing a degradation in the quality of their service. This could be a subtle yet highly damaging attack against corporate networks. Consider, for example, the private cellular networks operated by airlines at three of the major airports in Paris: degraded network quality could significantly disrupt their time-sensitive and carefully scheduled operations.
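One way a defender could look for the rogue-cell behaviour described under Denial of Service and the bidding down described here, as an added example that is not part of the original article. The telemetry format, the PLMN and cell allowlist, the device names and the signal-jump threshold are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed allowlist for a hypothetical private network: its PLMN and the
# cell IDs of the radios the operator actually deployed.
EXPECTED_PLMN = "999-99"
EXPECTED_CELLS = {"0x1A01", "0x1A02", "0x1A03"}
RAT_RANK = {"GSM": 2, "UMTS": 3, "LTE": 4, "NR": 5}  # higher = newer protocol

@dataclass
class Sample:
    ts: str
    device: str
    plmn: str
    cell_id: str
    rat: str
    rsrp_dbm: int

def parse(line):
    ts, device, plmn, cell_id, rat, rsrp = line.split(",")
    return Sample(ts, device, plmn, cell_id, rat, int(rsrp))

def detect(lines, rsrp_jump_db=20):
    """Return (timestamp, device, reason) alerts for serving-cell anomalies."""
    alerts, last = [], {}
    for s in map(parse, lines):
        prev = last.get(s.device)
        if s.plmn != EXPECTED_PLMN or s.cell_id not in EXPECTED_CELLS:
            alerts.append((s.ts, s.device, "unknown_cell"))
            # An unknown cell that is suddenly much stronger than the last
            # serving cell matches the "strongest signal" lure.
            if prev and s.rsrp_dbm - prev.rsrp_dbm >= rsrp_jump_db:
                alerts.append((s.ts, s.device, "signal_jump"))
        # A fallback to an older radio technology; on a known cell this may be
        # benign coverage fallback, on an unknown cell it deserves escalation.
        if prev and RAT_RANK[s.rat] < RAT_RANK[prev.rat]:
            alerts.append((s.ts, s.device, "rat_downgrade"))
        last[s.device] = s
    return alerts

# Constructed telemetry: timestamp,device,plmn,cell_id,rat,rsrp_dbm
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z,welder-07,999-99,0x1A01,NR,-95",
    "2024-01-01T10:00:30Z,welder-07,999-99,0x1A02,NR,-92",
    "2024-01-01T10:01:00Z,welder-07,999-99,0x9F00,LTE,-60",
    "2024-01-01T10:01:30Z,welder-07,999-99,0x9F00,GSM,-58",
    "2024-01-01T10:00:00Z,cam-12,999-99,0x1A03,NR,-88",
    "2024-01-01T10:00:30Z,cam-12,999-99,0x1A03,LTE,-90",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Alerts that combine an unknown cell with a downgrade for the same device are the ones to triage first; a downgrade alone on an allowlisted cell is a weaker signal.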
4. Battery Drain
Another type of man-in-the-middle attack can send signals that cause device batteries to drain rapidly. These attacks can have serious, even life-threatening consequences when used against networks that are used to maintain critical IoT devices.
One such example is a private cellular network used by the mining company Newcrest to make their equipment operate more safely and efficiently. In that scenario, it could be dangerous for a remote sensor to lose battery power unexpectedly, as replacing the battery could be a hazardous and complex operation in itself.
5. Mobile Identity Capture
It’s not difficult for hackers to intercept cellular signals and infer the identities of the devices sending and receiving them. This process of capturing identities can be the starting point for MNmapping and other attacks, but it can be a big enough problem in itself in certain contexts.
When health and social welfare systems are using private 5G networks to provide services, mobile identity capture can endanger the privacy and safety of patients.
6. Malware Delivery
A common objective of man-in-the-middle attacks is to bypass security protocols to disseminate malware: viruses, bots, keyloggers, ransomware, and other harmful software.
At a company like Fujitsu, where private 5G networks are used for corporate security, the consequences of letting a payload of malware slip through could be devastating.
7. Intercepting Communication
Private 5G/LTE networks can be used to provide reliable communication systems in remote and hard-to-access parts of the world, providing greater safety and other benefits to workers in those areas.
When these networks are the only point of contact with the outside world, there is considerable risk in the possibility of hackers intercepting and misdirecting communications. One possible attack vector is service downgrading, forcing devices to connect using slower, less secure communication protocols, thus allowing for easier capture and decryption of data.
8. DNS Spoofing
A hacker who has gained access to a private network via IMSI impersonation (or some other method) can launch DNS spoofing attacks on that network. This man-in-the-middle (MiTM) based attack can allow bad actors to change the IP address of the requested DNS server. They can then redirect domain requests to resolve to malicious sites under their own control.
One example where this type of attack could be incredibly harmful is in school districts where private networks are used for remote learning. Cybercriminals could use DNS spoofing to display unwanted content to students by redirecting the traffic from educational portals and virtual classroom links.
9. Uplink Impersonation
Depending on the nature and structure of the network, impersonators can do a lot of harm. By employing an attack vector like IMP4GT, the attacker can “appear” to devices on the network as the legitimate target of their traffic.
In some Michigan counties where private cellular networks are used to transmit election data, cybersecurity experts have raised concerns that vote tampering could occur via this type of attack.
10. Downlink Impersonation
Hackers who can impersonate network-level commands may be the most pernicious of all. This is especially dangerous in an environment of IoT devices operating hazardous and/or essential systems. Attacks like IMP4GT allow attackers to operate a malicious site or service under the identity of the real site or service.
In the UK, large gas storage facilities use a private 5G network to run plant management, safety, and operations systems. The damage to health and environment that could result from connected devices acting on malicious instructions would be hard to overstate.
Though some of the examples above are imagined scenarios, they describe real attacks that can have significant, business-threatening repercussions.
Protecting private 5G/LTE networks
Mobile connectivity is critical for the functionality of most technologies employed in automation, collaboration, communication, and remote work.
Though the implementation of private cellular networks has gradually gained traction in the past decade, the COVID-19 crisis has made it clearer than ever that fast, reliable, and secure private 5G/LTE networks are needed for business continuity and growth. Market analysts have already taken note of how interest in private cellular networks has grown in the wake of the pandemic.
Securing any wireless network is a challenge, and 5G/LTE mobile technology is no different. It requires a multilayered approach that considers every connected component, from vulnerable smartphones and IoT device settings to malware payloads hidden in supposedly innocent business network traffic.
Due to the sheer variety of threats and vulnerabilities, it is clear that private cellular networks inherently lack, and are likely to continue to lack, the features and capabilities to fully protect the network and the devices on it. Third-party tools remain a critical component in securing private 5G/LTE networks against external threats and are necessary for private cellular networks to live up to their promise: fast, reliable, and private wireless communications.