What is 5G and What Does it Mean for Cybersecurity?
The buzz around 5G is reaching a fevered pitch – barely a day goes by where it isn’t in the news. We have heard about the data capacity and speed increases, lower latency, and lower power consumption.
The Ericsson Mobility Report 2020 shows how the impact of Covid19 has led to network’s crucial role in society. The report expects the global number of 5G subscriptions to top 2.8 billion by the end of 2025. In India, 5G is expected to represent around 18 percent of mobile subscriptions at the end of 2025.
It also states that in India, the projected value of the 5G-enabled digitalization revenues will be approximately USD 17 billion by 2030. With 5G being a platform for innovation it will enable the development of new services for consumers, enterprises, and industry, including large-scale IoT use cases.
BUT WHAT EXACTLY IS 5G?
When we spoke with Dorothy Stanley, IEEE Member and Chair of the IEEE 802.11 Working Group, she pointed out that confusion stems from the term ‘5G’ being used to refer to several ideas interchangeably: “Is 5G a vision? A set of services and data rates that are a goal to be accomplished, requiring multiple technologies? Or something that’s tied only to cellular carriers and what they can deliver?”
Some experts are most focused on the mixed nature of the technology. Babak Beheshti, IEEE Member and Interim Dean, College of Engineering and Computing Sciences, New York Institute of Technology, for example: “The very design philosophy of 5G is based on network heterogeneity. This means that the network can be a combination of technologies such as Wi-Fi® and LTE.”
Therefore, what 5G means depends on the context of the discussion, but it’s likely to include a combination of technologies.
This heterogeneity makes security more complex. However, there are already some exciting developments in the pipeline for 5G and IoT device security.
“According to T-Mobile US, 4G information being carried across mobile networks was not always encrypted. In 5G, end-to-end encryption is intended to provide much stronger safeguards for data privacy,” Beheshti says.
That will be coupled with a globally unique subscriber permanent identifier (SUPI) for each user. Beheshti: “The SUPI is never broadcast over the air during connection establishment for a mobile device, which can help prevent the hijacking of a mobile’s identity. 3G and 4G networks are inferior in this respect.”
For Stanley, top of mind is “The latest security solution, Wi-Fi CERTIFIED Easy Connect™. You scan the QR code, and that bootstraps a protocol exchange that gets you on the network securely, so your traffic over the wireless link will not be snipped.”
Since IoT devices don’t often have robust user interfaces, using a QR code lets manufacturers create security protocols that can be operated without the use of a keyboard, Stanley says. “The QR code is just a way to encode data. Basically, you’re encoding a public key that then can be used to establish and bootstrap trust. Only the peer device that has the private key can decode that.”
So upcoming security technologies are promising.
WHAT CAN CONSUMERS DO TO MAKE SURE THEIR CURRENT IoT SETUPS ARE SECURE?
For Kayne McGladrey, IEEE Member and Director of Security and Information Technology at Pensar Development, “Consumers should use the ‘guest’ network of their home Wi-Fi routers as a dedicated network for IoT devices, so if one of those devices were compromised, the threat actor can’t easily pivot to more valuable data.”
That’s the case for newer devices, he says. “For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.”
The ability to update devices over their lifetime is essential to security, and should factor into buying decisions, he says.
Han Guangjie, IEEE Senior Member and professor at Hohai University, seconds this point: “Check and update the IoT device firmware. If IoT devices have exploitable vulnerabilities, manufacturers often identify and fix problems before the hacker can access the device’s environment.”