5G Security

Mobile Networks Have Terrible Security

You might think that the global mobile network is very secure. Billions of people depend on it every day. In fact it is full of holes.

It's easy to hack mobile networks

Foreign spies can spoof phones into thinking they are talking to the mobile network in order to locate those phones and launch attacks on those phones. At least one such spoofing system was found in Washington DC. Law enforcement agencies abuse this spoofing gear, too.

The control protocols for making calls and extracting information from the network are not secure. Two factor authentication by text message can be hacked. You get "robocalls" from sketchy foreign call centers that masquerade as on-shore numbers. There is a long list of security holes in the mobile network, several of them shocking in their potential for risk and abuse.

The end of NOBUS and the rise of Chinese equipment makers

Mobile networks, indeed the whole history of telegraph and telephone networks is intimately connected with state-actor surveillance. Powerful nations had assumed they had exclusive access to, and control over the security of networks within their borders. Superpowers extend that reach globally, sometimes overtly through alliances like Five Eyes, and sometimes covertly by exploiting vulnerabilities in other nations' networks. When you have globally dominant control over technology, and intelligence gathering agencies that can outspend the rest of the planet on stockpiling and exploiting vulnerabilities, you even need an acronym for it: "NOBUS." It stands for Nobody-but-us.

NOBUS was relatively easy to maintain when, for example, the Soviet Union could be deprived of state of the art semiconductor technology with the cooperation of a small number of allied governments and technology companies. It has become much more difficult to base strategic advantages on NOBUS when China is training a large cohort of scientists to world class standards and their telecommunications engineering companies have, in two decades, gone from selling cheap knock-offs of Cisco routers to designing complete suites of first tier products for 5G networks.

This change has led to concerns that the Chinese will make an attempt for the same level of access to surveillance the US has enjoyed exclusively since telephone networks were first built.

Irrational reactions

The end of western surveillance dominance is driving some irrational responses, like this from US Attorney General Bill Barr:

"There are only two companies that can compete with Huawei right now as 5G infrastructure suppliers: Nokia and Ericsson..." Barr said.

"Some propose that these concerns could be met by the United States aligning itself with Nokia and/or Ericsson through American ownership of a controlling stake..."

There is the head of the US Department of Justice proposing that the US acquire telecom equipment makers to stave off the end of NOBUS.

5G Can'T Fix The Mobile Network's Bad Security

5G standards and protocols, and especially the 5G standalone network architecture closes some security holes and improve mobile network security. 5G has the potential to improve security for wired telephone networks, too.

The mobile network moves too slowly to fix vulnerabilities

But it is, still, vulnerable, and most previous vulnerabilities will remain in the mobile network for the many years. Maybe decades. This is due to interoperation and compatibility requirements, and old equipment and software in the global, interconnected, mobile network.

Bruce Schneier explains

Some of the best writing about 5G security is in an article written by Bruce Schneier. It is concise and understandable, and it covers all the important points regarding 5G security. If you want to take a deeper dive into what's wrong with mobile network security, and a wide range of other information security topics, Schneier's writing is often the best there is.

The article by Schneier in Foreign Policy magazine puts mobile security in perspective, including the current worries about Chinese equipment makers: https://foreignpolicy.com/2020/01/10/5g-china-backdoor-security-problems-united-states-surveillance/