Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

5G Security Flaw Allows Data Access, DoS Attacks

A design flaw discovered in the architecture of 5G network slicing can allow malicious actors to access potentially sensitive data and launch denial-of-service (DoS) attacks, mobile network security company AdaptiveMobile Security warned this week.

A design flaw discovered in the architecture of 5G network slicing can allow malicious actors to access potentially sensitive data and launch denial-of-service (DoS) attacks, mobile network security company AdaptiveMobile Security warned this week.

5G network slicing enables operators to provide different amounts of resources to different types of traffic — based on their needs — by dividing the same physical network infrastructure into distinct virtual blocks. For example, the amount of resources needed by consumers for communications and entertainment can be different from the resources required by factories for their IoT devices, or those required for automotive applications, or healthcare systems.

AdaptiveMobile Security discovered that the architecture of 5G network slicing has a serious flaw that can expose the customers of mobile operators to various types of attacks.

“In its research, AdaptiveMobile Security examined 5G core networks that contain both shared and dedicated network functions, revealing that when a network has these ‘hybrid’ network functions that support several slices there is a lack of mapping between the application and transport layers identities,” AdaptiveMobile explained. “This flaw in the industry standards has the impact of creating an opportunity for an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture.”

“For example, a hacker compromising an edge network function connected to the operator’s service based architecture could exploit this flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises,” the company added.

Specifically, an attacker could exploit the vulnerability to track users’ location, disrupt network functions, and access network functions and related information from another block.

AdaptiveMobile Security has reported its findings to the GSMA, which represents the interests of mobile network operators worldwide, to allow impacted organizations to take measures before 5G network slicing becomes more widely used.

The cybersecurity firm says the risk of attacks is currently low due to the limited number of operators that use network slicing.

Advertisement. Scroll to continue reading.

AdaptiveMobile Security has published a paper detailing its findings.

Related: Vulnerabilities in Standalone 5G Networks Expose Users to Attacks

Related: Securing a Connected Future: 5G and IoT Security

Related: 5G Security Risk vs. Reward

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.