Telecom security experts outline cyber security recommendations to mobile operators in 5G Non-Standalone era

Positive Technologies has published its Migrating mobile networks to 5G: a smooth and secure approach report. The report details how mobile network operators (MNOs) who have already begun upgrading to 5G networks can make the journey of migration from previous generation networks without exposing themselves and subscribers to existing and new risks.

5G networks today mostly rely on the infrastructure of previous-generation 4G LTE networks. The Non-Standalone architecture has proved a quick way to provide subscribers with 5G access, since MNOs do not need to build a new core network. However, this also exposes both the next-generation network & 5G subscribers to the same threats of past networks.

As shown by previous Positive Technologies research, an attacker can exploit Diameter vulnerabilities in 4G to cause denial of service attack, track subscriber location, obtain subscriber profile information, and commit fraud. In the report, Positive Technologies experts argue that with 5G Non Standalone architecture, previous-generation protocols must be secured and since networks are so intertwined, merely defending 5G is not enough.

It also examines how mobile operators are scoping out ways to successfully migrate, without compromising the current architecture. One solution is to build a separate Standalone core network and shed themselves of the LTE entirely. Some mobile providers are beginning to deploy their standalone 5G networks. Gartner expects 5G investment to exceed LTE/4G in 2022 and that communications service providers (CSPs) will gradually add standalone capabilities to their non-standalone 5G networks. For now, operators cannot completely scrap old networks, especially as 5G coverage is not available everywhere.

Pavel Novikov, Head of Telecom Security Research Team at Positive Technologies comments, “For years to come, most 5G networks will continue to rely on 4G networks, which means 5G-only security efforts are pointless and dangerous. Therefore, true 5G security must go beyond the features built into standalone architecture. Cost efficiencies can be gained by building a hybrid network that supports both LTE and 5G which will enable a future-proofed next generation network in the longer term. This enables mobile operators to add new 5G-capable subscribers, while continuing to support older ones to offer a full-service network. To defend 5G networks, it's important to pay special attention to signalling networks, utilising existing defences, and adding additional layers specific to 5G. The network must be carefully checked for configuration errors, requiring regular assessment of the state of infrastructure security.”

Click here to access the full report.