Researchers from security firm Positive Technologies warns of 4G/5G Wireless Networks as vulnerable as WiFi and putting smart-cities at risk
The Internet of Things (IoT) presents many new opportunities and some different challenges. The vast number of devices makes it very expensive to connect everything with traditional network cabling and in many cases the equipment only supports wireless connectivity.
Many IoT devices for consumers leverage WiFi networks and we are already seeing the security challenges with these technologies. The largest Denial of Service (DoS) attacks leverage consumer IoT equipment (Mirai Botnet) and there are many stories of bad actors spying on people through their unsecured webcams.
While WiFi is widely adopted in homes, it doesn’t scale well to large commercial installations like Industrial IoT in manufacturing, energy or SmartCities.
As communications carriers deploy expansive 4G/5G Wireless Networks these are becoming the infrastructure of choice for commercial IoT. Unfortunately, although managed by professionals, they still have many vulnerabilities that can increase risks unexpectedly. We already knew that the SMS messaging system was flawed and can not be relied upon for secure messaging.
Now security vendor, Positive Technologies, is warning that a fundamental protocol of 4G/5G Wireless Networks creates three potential risks.
“Detected vulnerabilities pose a threat to intelligent traffic lights and street lighting; electronic road signs; information displays at bus stops; and other smart city features that are commonly connected to mobile networks of the fourth generation. Positive Technologies revealed these flaws in mobile networks, which are also relevant to future 5G networks, as part of security assessment conducted in 2016 and 2017.” reads the report published by Positive Technologies.
“Vulnerability exploitation techniques specified in the report are based on flaws of the GTP protocol. They do not require an attacker to possess any sophisticated tools or skills, instead they simply need a laptop, a free software installer for penetration tests, and basic programming skills.”
To read the original article: