One of 5G’s Biggest Features Is a Security Minefield

True Wireless 5G data, with it Super fast speed and advanced security protectionwas slow implementation around the world. As mobile technology evolves – combining expanded speed and bandwidth with low-latency connections – one of its most touted features is starting to gain traction. But the upgrade comes with a host of potential security risks.

A vast array of new devices with 5G capabilities, from smart city sensors to agricultural robots and more, are gaining connectivity to the Internet in places where Wi-Fi is impractical or impossible. use. Individuals can even choose to trade in their fiber optic internet connection for a 5G receiver at home. But the interfaces carriers have set up to manage internet-of-things data are fraught with security holes, according to research to be presented Wednesday at the Black Hat security conference in Las Vegas. And these vulnerabilities can be difficult for the industry in the long run.

After years of examining potential security and privacy issues in mobile data radio frequency standards, researcher Altaf Shaik of the Technical University of Berlin said he was curious to investigate the application programming interfaces (APIs) that carriers are providing so developers can access IoT data. These are paths that apps can use to pull, such as real-time bus tracking data or inventory information. Such APIs are common in web services, but Shaik points out that they are not yet widely used in core telecommunications services. Reviewing the 5G IoT APIs of 10 mobile service providers around the world, Shaik and colleague Shinjo Park found common, well-known API vulnerabilities in all of them, and some possible exploited to gain data access or even direct access to IoT devices on the network.

“There is a huge gap in knowledge. This is the beginning of a new type of attack in the telecommunications sector,” Shaik told WIRED ahead of his presentation. “There’s a whole platform where you have access to the APIs, there’s the documentation, everything, and it’s called the ‘IoT service platform’. Every operator in every country will sell them if they haven’t already, and there are virtual operators and subcontracts as well, so there will be plenty of companies offering this kind of platform. “

The designs of the IoT service platform are not specified in the 5G standard and are up to each carrier and company to create and implement. That means there is wide variation in their quality and implementation. In addition to 5G, upgraded 4G networks may also support some IoT extensions, expanding the number of service providers that can provide IoT service platforms and the APIs that make them available.

The researchers purchased IoT packages across 10 service providers they analyzed and received special SIM cards just for data for their network of IoT devices. This way, they have access to the same platforms as any other customer in the ecosystem. They discovered that basic flaws in the API setup, like weak authentication or lack of access control, could reveal the SIM card identifier, the SIM card’s secret key, the identity of the purchaser. SIM cards and their payment information. And in some cases, researchers can even access other users’ massive data streams, or even identify and access their IoT devices by sending or replaying commands that might otherwise be unknown to them. out they can’t control.

Source link


News of max: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button