AdaptiveMobile security researchers have discovered a major flaw in the architecture of 5G network slicing and virtualized network functions. This vulnerability has been discovered to potentially allow data access and denial of service (DOS) attacks between different network slices on a mobile operator which leaves enterprise clients exposed to malicious cyberattacks.
Details of 5G network
5G, the 5th generation mobile network, is the latest global wireless standard after the previously introduced 1G, 2G, 3G, and 4G networks which makes it all the more important because it enables a new kind of network that is created to connect virtually everyone and everything including machines, objects and devices.
How does 5G network slicing works?
Network slicing basically permits a mobile operator to divide their core and radio network into multiple distinct virtual blocks that provide different amount of resources to different types of traffics.
A great benefit of 5G network slicing for network operators will be the ability to deploy only the functions necessary to support specific clients and particular market segments such as automotive, healthcare, critical infrastructure, and entertainment.
Some of the top nations using 5G are also the ones who are most affected by the vulnerability including South Korea, United Kingdom, Germany, and the United States because multiple firms in these countries deployed networks and are selling compatible devices.
5G network loopholes
In its investigation, AdaptiveMobile Security examined 5G core networks that contain both shared and dedicated network functions, disclosing that when a network has these ‘hybrid’ network functions that support several slices there is a lack of mapping between the application and transport layers identities.
This vulnerability in the industry standards has the potential impact of creating an opportunity for an attacker to access data and launch denial-of-service attacks across multiple slices if they have access to the 5G service-based architecture.
“When it comes to securing 5G, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators and vendors. Currently, the impact on real-world applications of this network-slicing is only limited by the networks globally. The risks, if the fundamental flaw in the design of 5G standards had gone undiscovered, are significant,” said Dr. Silke Holtmanns, Head of 5G Security Research at AdaptiveMobile Security.