ENISA warns on the cyber risks of 5G
April 2018 by ENISA
The 5G ultra-fast mobile networks, which should be available in 2025, embed "very high risks" for security, according to the European Agency for Cybersecurity (ENISA).
The European Commission and European governments are engaged in the race to make 5G available as quickly as possible, and hurry telecom operators to invest billions of euros in this new technology.
ENISA, however, calmed the political fervor about 5G: fast mobile connections are linked to "medium to high" cyber attacks possibilities, according to the Athens-based agency.
In a recently released report, the European agency fears that the flaws already identified in the SS7 and Diameter signaling protocols used by operators for 2G, 3G and 4G mobile communications, could be also found in the 5G. In the same way, these flaws would allow to listen or to usurp the 5G traffic and to intercept the location information, as stated by the ENISA. "There is a certain risk that the story would be repeated with the move to 5G," said the agency, adding that the capacity of 5G networks to support more users and bandwidth increases even more the risk.
Attackers can exploit the SS7 telephony signaling protocol used in 2G and 3G networks to intercept or divert messages sent by SMS. It would not be a big deal if the attacker simply wanted to read the average user’s messages, but many companies use two-factor SMS authentication, assuming that only the mobile owner will see the sent messages. However, as noted by the Enisa, this assumption is risky, as could discover several German banks: hackers were able to empty the accounts of their customers after intercepting unique passwords sent by SMS.
Recommendations not followed to date
The agency also regrets that the discovery of flaws and proposed fixes have not been followed by actions. "Several proposals to secure the SS7 and Diameter protocols have never been adopted by the industry. "
Keep control of your own safety
To respond to these latent risks, Cryptofrance offers since 2007 secure encrypted telephony solutions, guaranteeing our customers total confidentiality when communicating via mobile networks. Our solutions allow the voice encryption and messages encryption to protect you from rogue surveillance, still possible today, and which will unfortunately persist in the future.