One of the biggest features of 5G is the security minefield

The 5G platform provided by operators has vulnerabilities in processing embedded device data.

True 5G wireless data boasts ultra-fast speeds and enhanced security protections, but has been slow to roll out around the world. As mobile technology proliferates — combining expanded speeds and bandwidth with low-latency connections — one of its most touted features is starting to gain traction. But the upgrade comes with a host of potential security risks.

From smart city sensors to agricultural robots, a slew of 5G-enabled devices are gaining the ability to connect to the internet in places where Wi-Fi is impractical or unavailable. Individuals may even choose to swap out their fiber internet connections for home 5G receivers. But the interfaces set up by carriers to manage IoT data are riddled with security holes, according to a study at the Black Hat security conference. Those holes could haunt the industry for a long time.

After years of studying potential security and privacy issues in mobile data radio frequency standards, Altaf Shaik, a researcher at the Technical University of Berlin, said he was interested in studying the application programming interfaces (APIs) provided by operators to give developers access to IoT data. Applications can use these channels to obtain real-time bus tracking data or inventory information in warehouses. Such APIs are ubiquitous in web services, but Shaik pointed out that they are not yet widely used in core telecommunications products. By studying the 5G IoT APIs of 10 mobile operators around the world, Shaik and his colleague Shinjo Park found common but serious API vulnerabilities in all of these operators, some of which can be exploited to gain authorized access to data or even directly access IoT devices on the network.

"There's a huge knowledge gap. This is the beginning of a new type of attack on the telecom industry," Shaik told Wired. "There's a whole platform with access to APIs, documentation, and everything, and it's called an 'IoT Service Platform.' Every operator in every country will sell this, and if not, there are MVNOs and subcontractors. So there will be a ton of companies offering this."

The design of IoT service platforms is not specifically specified in the 5G standards, but is created and deployed by each operator and company. This means that their quality and implementation vary greatly. In addition to 5G, upgraded 4G networks can also support some IoT extensions, thereby expanding the number of operators that may provide IoT service platforms and APIs.

The researchers purchased IoT plans from 10 of the operators they analyzed, and bought dedicated data SIM cards for their IoT device networks. In this way, they could access these platforms like any other customer in the ecosystem. They found that basic flaws in the API setup, such as weak authentication or missing access controls, could reveal SIM card identifiers, SIM card keys, the identity of the purchaser, and their billing information. In some cases, the researchers were able to access large amounts of data streams from other users, and even identify and access IoT devices by sending or replaying commands that they should not have controlled.

The researchers conducted public procedures for the 10 operators they tested and said that most of the vulnerabilities they found so far have been fixed. Shaik pointed out that the quality of security protection on IoT service platforms varies greatly, some appear to be more mature, while others "still adhere to old poor security policies and principles." He added that the organization did not publicly investigate the names of the operators because of concerns that these problems may be widespread. Seven of them are located in Europe, two in the United States, and one in Asia.

"We found that just by being on the platform, we could exploit vulnerabilities to access other devices, even if they didn't belong to us," Shaik said. "Or we could talk to other IoT devices, send messages, extract information. That's a big problem."

Shaik stressed that no hacking was carried out on other customers and nothing inappropriate was done when different flaws were discovered, but he pointed out that none of the operators detected the researchers' probes, which in itself shows a lack of monitoring and security measures.

These findings are just a first step, but they highlight the challenges of securing a large-scale new ecosystem as the full breadth and scale of 5G begins to emerge.