We all expect devices to communicate with each other instantly, with a clear signal, no lag, and no eavesdropping. The promise of secure connectivity is driving rapid adoption of private 5G/LTE networks. According to a study by Mobile Experts, the dedicated 5G/LTE market is expected to reach $10 billion within five years, with an annual growth rate of 20%.

Still, wondering, are private cellular networks really as private and secure as we think? What threats are still facing mission-critical devices on private 5G/LTE networks? Could they add a layer of security locally to business smartphone apps sex?

What is a private 5G/LTE network?

Private 5G/LTE networks function much like public cellular networks, but on a smaller scale. They utilize tiny versions of cells and cell towers to provide coverage and connectivity in limited areas. These networks can operate on licensed spectrum from large operators, as well as unlicensed spectrum or some shared spectrum.

The use of private 5G/LTE networks enables businesses to leverage cellular network technology, which brings numerous advantages. Compared to Wi-Fi, cellular networks can handle heavy traffic better over a greater range and offer higher speeds and features for innovative applications. However, private 5G/LTE networks are still vulnerable, despite what the name might suggest they are "private" and secure.

Why are private 5G/LTE networks gaining popularity?

Private cellular networks are nothing new and have been used for a long time by forward-thinking enterprises and industrial companies with the help of telecom companies or multinational corporations. Whether enabling cellular connectivity on corporate campuses or networking large-scale remote operations, some private cellular networks have already been deployed on 2G-era technologies.

The enterprise pain points that private cellular networks solve haven't changed much over the years, but they have definitely increased. To support the applications of Industry 4.0 and the growing number of connected devices, businesses need reliable, clean wireless spectrum free from competing traffic. Greater coverage, reliable switching capabilities, and security and privacy are also required.

As private 5G/LTE network technology matures, enterprises and service providers alike clearly see the opportunity to introduce myriad new use cases and bring benefits to organizations in vertical industries. More recently, the digital transformation of telecommunications has been driven by the COVID-19 crisis, which has hit the fast-forward button for the adoption of private 5G networks in industries such as healthcare, manufacturing, logistics, utilities and public safety.

Why Are Private 5G/LTE Networks Vulnerable to Cyber ​​Attacks?

One of the differentiating features 5G offers is the enhanced security of cellular protocols. Newer devices should also have better protection than older devices.

Still, there are many issues and vulnerabilities to consider before deploying a private 5G/LTE network. It's easy to see why: Every type of wireless network is inherently vulnerable because the connection is on the airwaves, accessible to anyone within range.

Key cyber threats to private 5G/LTE networks

Protecting private cellular networks from threats requires knowing and understanding them—not only to mitigate the threats, but also to prepare for the potential consequences of a successful attack.

Let's review the different use cases of private cellular networks in the context of potential threats.

1. Denial of service (DoS)

Denial of service refers to an attack on a device or network that denies a connection or access to a specific connected service. Automakers such as Ford and Toyota have begun using private 5G networks to improve connectivity in their factories, enabling components such as robotic welders to work together more efficiently. When these components rely on private cellular networks to communicate, a DoS attack can compromise even a single orchestrated process, possibly shutting down an entire facility, causing severe financial damage.

With devices that emulate International Mobile Subscriber Identity (IMSI) numbers, hackers can masquerade as cell towers on existing networks and lure other devices to connect to them by offering the strongest signal strength on the network. Once devices are connected to the emulator, they can no longer communicate with the real network. These attacks can be difficult to detect and prevent without the right tools at the network level.

2. Mobile Network Mapping (MNmap)

Wireless data sniffing devices can use identifying data sent over cellular signals to determine what types of devices are connected to the network. This is called an MNmap attack or device fingerprinting. It can give bad actors access to sensitive information about devices in a private network and their capabilities.

In the port of Antwerp, a private 5G network is used to simplify communication between tugboats, inspectors and security services. In this context, it is imperative to eliminate any loopholes in mobile network mapping protocols that could be exploited by bad actors to conceal crimes committed against the person. For example, an illegal trafficker trying to evade detection would want to discover where cellular security cameras around a port are located.

3. Service downgrade

Hackers can use IMSI-emulated devices to perform DoS attacks, but that's not something all of these devices can do. They can also use their status as trusted network nodes to perform "man-in-the-middle" attacks, sending malicious commands to connected devices.

One such attack causes a device to "drop down" to a lower-quality network protocol, causing its service to drop. This can be a subtle but devastating attack on a corporate network. For example, airlines operate private cellular networks at three major airports in Paris. Degraded network quality can wreak havoc on time-sensitive and carefully scheduled operations.

4. Battery consumption

Another type of man-in-the-middle attack can send a signal that quickly drains the device's battery. When used to maintain networks of critical IoT devices, these attacks can have serious and even life-threatening consequences.

One example is the private cellular network used by Newcrest to allow its equipment to operate more securely and efficiently. In that case, it could be dangerous for the remote sensor to accidentally lose battery power, since replacing the battery itself can be a dangerous and complicated operation.

5. Mobile identity acquisition

It is not difficult for hackers to intercept cell phone signals and deduce the identity of the devices that send and receive them. This process of obtaining identities can be the starting point for MNmapping and other attacks, but in some cases, this can be a big enough problem in itself.

Mobile identity capture could compromise patient privacy and security when healthcare and social welfare systems are delivering services using private 5G networks.

6. Malware Delivery

A common goal of man-in-the-middle attacks is to bypass security protocols to spread malware: viruses, bots, keyloggers, ransomware, and other unwanted software.

Like Fujitsu, private 5G networks are used for corporate security, and allowing malware payloads to infiltrate them could be devastating.

7. Intercept communication

Private 5G/LTE networks could be used to provide reliable communication systems in remote and hard-to-reach areas of the world, providing workers in these areas with greater safety and other benefits.

When these networks are the only point of contact with the outside world, the possibility of hackers intercepting and misdirecting communications presents a considerable risk. One possible attack vector is service degradation, forcing devices to connect using slower, less secure communication protocols, making it easier to capture and decrypt data.

8. DNS spoofing

Hackers who gain access to a private network through IMSI impersonation or other methods can launch domain name (DNS) spoofing attacks on that network. This attack based on MiTM (man-in-the-middle) can allow bad actors to change the IP address of the requested DNS server. Bad actors can then redirect domain name requests to malicious websites under their control.

An example of how this type of attack could be extremely harmful is in a school district using a private network for distance learning. Cybercriminals can use DNS spoofing to display unwanted content to students by redirecting traffic from educational portals and virtual classroom links.

9. Uplink simulation

Depending on the nature and structure of the network, simulations can do a lot of harm. By using an attack vector like IMP2GT, an attacker can "reveal" a device on the network as a legitimate target for the aforementioned traffic.

In some Michigan counties, private cellular networks are used to transmit election data, and cybersecurity experts worry that this type of attack could allow vote tampering.

10. Downlink simulation

Hackers who can emulate network-level commands are the most harmful. This is especially dangerous in environments where IoT devices run dangerous or critical systems. Attacks such as IMP4GT allow an attacker to run a malicious site or service under the identity of the real service site.

In the UK, a large gas storage facility uses a private 5G network to manage plant management, safety and operational systems. The damage to health and the environment that can be caused by connected devices acting on malicious instructions cannot be overstated.

While some of the examples above are imaginary scenarios, they describe real-world attacks that could have significant, business-threatening impact.

Securing Private 5G/LTE Networks

Mobile connectivity is critical to the functionality of most technologies used in automation, collaboration, communication and remote work.

While the implementation of private cellular networks has gradually gained momentum over the past decade, the COVID-19 crisis has made it clearer than ever that business continuity and growth require fast, reliable and secure private 5G/LTE networks. Market analysts have noticed a rise in interest in private cellular networks in the wake of the pandemic.

Securing any wireless network is a challenge, and 5G/LTE mobile technology is no exception. It requires a multi-layered approach that considers every connected component; from vulnerable smartphone and IoT device setups, to malware payloads hidden in otherwise harmless business network traffic.

Due to the diversity of threats and vulnerabilities, it is clear that private cellular networks inherently lack the features and capabilities to comprehensively protect the network and its devices. Third-party tools remain a critical component of securing private 5G/LTE networks from external threats, and are necessary for private cellular networks to deliver on their promise of fast, reliable and private wireless communications.