‘Major’ security flaw detected in 5G core network slicing design

Mobile security specialist details potentially revenue-threatening vulnerabilities with key element of next-generation networks and reveals plans to work with industry to provide mitigation prior to widespread deployments

Network slicing will be one of the key drivers of 5G, offering the ability to construct private wireless networks, and is predicted to generate revenues of more than $20bn by 2026. But a research post from AdaptiveMobile Security has publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualised network functions.

The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G network, leaving enterprise customers exposed to malicious cyber attacks.

Network slicing allows a mobile operator to divide its core and radio network into multiple distinct virtual blocks that provide varying amounts of resources and prioritisation to different types of traffic. One of the most innovative aspects of 5G, network slicing will let operators provide portions of their core networks for specific vertical customer use cases, such as automotive, healthcare, critical infrastructure and entertainment.

As a result, the network is opened up to many partners and sliced into use cases and vertical-specific blocks. Even though the probability of attack is low due to the limited number of mobile operators with multiple live network slices on their networks, AdaptiveMobile Security warned that the issue it discovered has the potential to cause significant security risks to enterprises using network slicing and undermine operators’ attempts to open up new 5G revenues.

The stakes are high. Enterprise 5G network slicing has been predicted to carve out tens of billions in revenue over the next five years for communications service providers as they bolster their capabilities to go beyond connectivity. In February 2021, a study from ABI Research calculated 5G network slicing would generate revenues of more than $20bn by 2026, driven by 5G-based slicing in industrial manufacturing applications, cellular vehicle-to-everything (C-V2X) and logistics which alone could generate cumulative revenues of $12bn by that time.

In its research, AdaptiveMobile Security examined 5G core networks that contain both shared and dedicated network functions, revealing that when a network has these “hybrid” network functions that support several slices, there is a lack of mapping between the application and transport layer identities. This flaw in the industry standards could give an attacker the opportunity to access data and launch denial-of-service attacks across multiple slices if they have access to the 5G service-based architecture.

AdaptiveMobile Security is investigating if the currently defined 5G standards’ mechanisms will be sufficient to stop an attacker. In doing so, it uncovered three main attack scenarios based on the flaw, which cannot be mitigated according to today’s specified technology.

This could mean a hacker compromising an edge network function connected to the operator’s service-based architecture could exploit this flaw in the design of network slicing standards to gain access to both the operator’s core network and the network slices for other enterprises. The impact is that the operator and their customers are exposed and risk the loss of sensitive location data – which would allow user location tracking – the loss of charging-related information and even the potential interruption to the operation of the slices and network functions themselves.
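The missing mapping between transport-layer and application-layer identities can be pictured as a check that a receiving network function applies before serving a request. This is an added example, not code from AdaptiveMobile Security or from the 5G standards; the registry, certificate subjects, network function names and slice names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed registry (assumption): transport-layer identity, e.g. a TLS client
# certificate subject, mapped to the application-layer network function (NF)
# identity and the slices that NF is provisioned to serve.
REGISTRY = {
    "CN=nf-shared.operator.example": ("nf-shared", {"slice-auto", "slice-health"}),
    "CN=nf-auto.operator.example": ("nf-auto", {"slice-auto"}),
    "CN=nf-edge.partner.example": ("nf-edge", {"slice-media"}),
}

@dataclass(frozen=True)
class ServiceRequest:
    transport_identity: str  # authenticated by the transport layer
    claimed_nf_id: str       # asserted inside the application-layer message
    target_slice: str        # slice whose data or service is requested

def check_request(req, registry=REGISTRY):
    """Return (allowed, reason) after binding both identity layers together."""
    entry = registry.get(req.transport_identity)
    if entry is None:
        return False, "unknown transport identity"
    nf_id, slices = entry
    # Without this comparison, a peer that authenticated at the transport layer
    # can assert any NF identity in the application-layer message.
    if req.claimed_nf_id != nf_id:
        return False, "application identity does not match transport identity"
    # A shared ("hybrid") NF serves several slices, but not every slice.
    if req.target_slice not in slices:
        return False, "slice not provisioned for this network function"
    return True, "ok"

def denied(requests, registry=REGISTRY):
    """List (claimed_nf_id, target_slice, reason) for each rejected request."""
    results = ((r, check_request(r, registry)) for r in requests)
    return [(r.claimed_nf_id, r.target_slice, why) for r, (ok, why) in results if not ok]

# Constructed sample traffic: one legitimate request, then three that a
# cross-layer check rejects.
SAMPLE = [
    ServiceRequest("CN=nf-shared.operator.example", "nf-shared", "slice-health"),
    ServiceRequest("CN=nf-edge.partner.example", "nf-auto", "slice-auto"),
    ServiceRequest("CN=nf-shared.operator.example", "nf-shared", "slice-media"),
    ServiceRequest("CN=unknown.example", "nf-auto", "slice-auto"),
]

if __name__ == "__main__":
    for row in denied(SAMPLE):
        print(row)
```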

“When it comes to securing 5G, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators and vendors,” said Silke Holtmanns, head of 5G security research at AdaptiveMobile Security.

“Currently, the impact on real-world applications of this network-slicing attack is only limited by the number of slices live in 5G networks globally. The risks, if this fundamental flaw in the design of 5G standards had gone undiscovered, are significant. Having brought this to the industry’s attention through the appropriate forums and processes, we are glad to be working with the mobile network operators and standards communities to highlight these vulnerabilities and promote best practice going forward.”

The outcome of the research, captured in a whitepaper titled A slice in time: Slicing security in 5G core networks, has been shared with the global mobile industry’s trade body the GSMA, operators and standards bodies to address the issue and update architectures to prevent exploitation in line with the standard coordinated vulnerability disclosure process.