True Wireless 5G data, with it Super fast speed and advanced security protectionwas slow implementation around the world. As mobile technology evolves – combining expanded speed and bandwidth with low-latency connections – one of its most touted features is starting to gain traction. But the upgrade comes with a host of potential security risks.
A huge number of new 5G-enabled devices, from smart city sensors to agricultural robots and more, are gaining connectivity to the Internet in places where Wi-Fi is impractical or impossible. use. Individuals can even choose to trade their fiber internet connection for a 5G receiver at home. However, new research, to be presented Wednesday at the Black Hat security conference in Las Vegas, warns that interface vendors set up to manage internet of things data have security holes that could not be detected. they fear will affect the industry in the long run.
After years of examining potential security and privacy issues in mobile data radio frequency standards, researcher Altaf Shaik of the Technical University of Berlin said he was curious to investigate. application programming interfaces (APIs) that carriers are providing so developers can access IoT data. These are conduit applications that can be used for towing, such as real-time bus tracking data or inventory information. Such APIs are common in web services, but Shaik points out that they are not yet widely used in core telecommunications services. Reviewing the 5G IoT APIs of 10 mobile service providers around the world, Shaik and his colleague Shinjo Park found common, well-known API vulnerabilities in all of them, and some possible exploited to gain permissioned access to data or even direct access to IoT devices on the network.
“There is a huge knowledge gap, this is the beginning of a new type of attack in the telecommunications sector,” Shaik told WIRED ahead of his presentation. “There’s a whole platform where you have access to the APIs, there’s the documentation, everything, and it’s called the ‘IoT service platform’. Every operator in every country will sell them if they haven’t already, and there are virtual operators and subcontracts as well, so there will be plenty of companies offering this kind of platform. “
The designs of the IoT service platform are not specified in the 5G standard and are up to each carrier and company to create and implement. That means there is wide variation in their quality and implementation. In addition to 5G, upgraded 4G networks may also support some IoT extensions, expanding the number of service providers that can provide IoT service platforms and the APIs that make them available.
The researchers purchased IoT packages across 10 service providers they analyzed and received special SIM cards just for data for their network of IoT devices. This way, they have access to the same platforms as any other customer in the ecosystem. They found that basic flaws in the API setup, such as weak authentication or lack of access control, could expose the SIM card identifier, the SIM card’s secret key, the identity of the person who buy SIM cards and their payment information. And in some cases, researchers can even access other users’ massive data streams, or even identify and access their IoT devices by sending or replaying commands that might otherwise be unknown to them. out they can’t control.