Top 10 Cyber ​​Threats to Private 5G/LTE Networks

We all want devices to communicate with each other instantly, with clear signals, no delays, and no eavesdropping. The promise of secure connectivity is driving the rapid adoption of private 5G/LTE networks. According to a study by Mobile Experts, the private 5G/LTE market is expected to reach $10 billion within five years, with an annual growth rate of 20%.

Still, one has to wonder, are private cellular networks really as private and secure as we think? What threats do mission-critical devices still face on private 5G/LTE networks? Can they add a layer of security locally for business smartphone applications?

What are private 5G/LTE networks?

Private 5G/LTE networks function much like public cellular networks, but on a smaller scale. They use miniature versions of cells and towers to provide coverage and connectivity to limited areas. These networks can operate on spectrum licensed by large operators, unlicensed spectrum, or some shared spectrum.

The use of private 5G/LTE networks enables enterprises to take advantage of cellular network technology, which brings many advantages. Compared to Wi-Fi, cellular networks can better handle large volumes of traffic over a larger area and provide higher speeds as well as features for innovative applications. However, although the name may suggest that they are "private" and secure, private 5G/LTE networks are still vulnerable to attacks.

Why are private 5G/LTE networks gaining popularity?

Private cellular networks are nothing new and have been used for a long time by forward-thinking enterprises and industrial companies with the help of telecom companies or multinational corporations. Whether it is to achieve cellular connectivity in corporate campuses or to network large remote operations, some private cellular networks have been deployed on 2G-era technology.

The pain points that private cellular networks solve for enterprises have not changed much over the years, but they have certainly increased. To support Industry 4.0 applications and an increasing number of connected devices, enterprises need reliable, clean wireless spectrum that is not interfered with by competing traffic. They also need greater coverage, reliable handoff capabilities, and security and privacy.

As private 5G/LTE network technology matures, enterprises and service providers alike clearly see the opportunity to introduce countless new use cases and deliver benefits to organizations across vertical industries. Most recently, the digital transformation of telecommunications has been driven by the COVID-19 crisis, which has fast-forwarded the adoption of private 5G networks in industries such as healthcare, manufacturing, logistics, utilities, and public safety.

Why are private 5G/LTE networks vulnerable to cyberattacks?

One of the differentiating features 5G offers is enhanced security for cellular protocols. New devices should also have better protections than older ones.

Still, there are a number of issues and vulnerabilities to consider before deploying private 5G/LTE networks. It’s easy to understand why: Every type of wireless network is inherently vulnerable to attack because the connection is right there on the airwaves, accessible to anyone within range.

Major cyber threats facing private 5G/LTE networks

Protecting private cellular networks from threats requires knowing and understanding them—not only to mitigate them, but also to prepare for the potential consequences of a successful attack.

Let’s review the different use cases for private cellular networks in the context of potential threats.

1. Denial of Service (DoS)

Denial of service refers to an attack on a device or network that denies connectivity or access to a specific connected service. Automakers such as Ford and Toyota have begun using private 5G networks to improve connectivity in their factories, allowing components such as robotic welders to work together more efficiently. When these components rely on private cellular networks to communicate, a DoS attack can compromise even a single carefully orchestrated process, potentially shutting down an entire facility with severe financial losses.

With devices that emulate International Mobile Subscriber Identity (IMSI) numbers, hackers can masquerade as cellular base stations on existing networks and lure other devices to connect to them by providing the strongest signal strength on the network. Once devices connect to the emulator, they can no longer communicate with the actual network. Without the right tools at the network level, these attacks can be difficult to detect and prevent.

2. Mobile Network Mapping (MNmap)

Wireless data sniffing devices can use identification data sent via cellular signals to determine what types of devices are connected to a network. This is called an MNmap attack or device fingerprinting. It can give bad actors access to sensitive information about devices in a private network and their capabilities.

In the Port of Antwerp, a dedicated 5G network is used to streamline communications between tugboats, inspectors and security services. In this context, it is imperative to eliminate any loopholes in the mobile network mapping protocols that could be exploited by bad actors to conceal the physical crimes they have committed. For example, illegal trafficking looking to evade detection would want to discover where cellular security cameras are located around the port.

3. Service degradation

Hackers can use IMSI to impersonate a device and perform a DoS attack, but not all of these devices can do this. They can also use their identity as a trusted network node to perform a "man-in-the-middle" attack, sending malicious commands to connected devices.

One type of attack causes a device to "downgrade" to a lower-quality network protocol, causing its service to degrade. This could be a subtle but highly destructive attack on an enterprise network. For example, an aviation enterprise operates a dedicated cellular network at three major Paris airports. A degradation in network quality could severely disrupt time-sensitive and carefully scheduled operations.

4. Battery consumption

Another type of man-in-the-middle attack can send signals that cause a device’s battery to drain rapidly. When used to maintain a network of critical IoT devices, these attacks could have serious or even life-threatening consequences.

One example is the private cellular network used by Newcrest to make its equipment run more safely and efficiently. In that case, it could be dangerous for a remote sensor to unexpectedly lose battery power, as replacing the battery itself can be a dangerous and complicated operation.

5. Mobile identity acquisition

It's not difficult for hackers to intercept cell phone signals and infer the identities of the devices sending and receiving those signals. This process of acquiring identities can be the starting point for MNmapping and other attacks, but in some cases it can be a big enough problem in itself.

While healthcare and social welfare systems are using dedicated 5G networks to provide services, mobile identity acquisition could jeopardize patient privacy and security.

6. Malware Delivery

A common goal of man-in-the-middle attacks is to bypass security protocols to spread malware: viruses, bots, keyloggers, ransomware, and other harmful software.

As with Fujitsu, dedicated 5G networks are used for enterprise security, and the consequences of allowing malware payloads to infiltrate could be devastating.

7. Intercepting Communications

Private 5G/LTE networks can be used to provide reliable communications systems in remote and hard-to-access areas of the world, offering increased safety and other benefits to workers in these regions.

When these networks are the only point of contact with the outside world, there is considerable risk of hackers intercepting and misleading communications. One possible attack vector is service degradation, forcing devices to connect using slower, less secure communications protocols, making it easier to capture and decrypt data.

8. DNS Spoofing

A hacker who gains access to a private network through IMSI impersonation or other methods can launch a domain name (DNS) spoofing attack against that network. This attack, based on MiTM (man in the middle), can allow the bad actor to change the IP address of the requested DNS server. The bad actor can then redirect the domain name request to a malicious website under his control.

An example of how this type of attack can be extremely harmful is in a school district that uses a dedicated network for remote learning. Cybercriminals can use DNS spoofing to display unwanted content to students by redirecting traffic from educational portals and virtual classroom links.

9. Uplink simulation

Depending on the nature and structure of the network, impersonation can cause a great deal of harm. By using an attack vector like IMP2GT, an attacker can "appear" a device on the network to be a legitimate target for the aforementioned traffic.

In some Michigan counties, which use dedicated cellular networks to transmit election data, cybersecurity experts worry that this type of attack could allow vote tampering.

10. Downward simulation

Hackers who can emulate network-level commands are the most harmful. This is especially dangerous in environments where IoT devices run dangerous or important systems. Attacks such as IMP4GT allow attackers to run malicious sites or services as real service sites.

In the UK, large gas storage facilities use dedicated 5G networks to manage plant management, safety and operational systems. The damage that connected devices could cause to health and the environment by acting on malicious instructions cannot be overstated.

Although some of the examples above are imaginary scenarios, they describe real attacks that could have significant, business-threatening impacts.

Securing Private 5G/LTE Networks

Mobile connectivity is critical to the functionality of most technologies used in automation, collaboration, communication, and remote work.

While the implementation of private cellular networks has gradually gained momentum over the past decade, the COVID-19 crisis has made it clearer than ever that business continuity and growth require fast, reliable and secure private 5G/LTE networks. Market analysts have already noted an increase in interest in private cellular networks in the wake of the pandemic.

Securing any wireless network is a challenge, and 5G/LTE mobile technology is no exception. It requires a multi-layered approach that takes into account every connected component; from vulnerable smartphone and IoT device settings to malware payloads hidden in supposedly harmless business network traffic.

Due to the diversity of threats and vulnerabilities, it is clear that private cellular networks inherently lack the features and capabilities to fully protect the network and its devices. Third-party tools remain a critical component in protecting private 5G/LTE networks from external threats and are necessary for private cellular networks to deliver on their promise (fast, reliable, and private wireless communications).