October 20, 2023 at 05:55AM
This article discusses cyber threats related to 5G infrastructure and vulnerabilities in the 5G control plane. Attackers can exploit these vulnerabilities by sending control messages disguised as user traffic, which can disrupt operations and cause damage to industries relying on 5G technology. The article recommends implementing access control, separating control and data planes, using open-source software responsibly, and using layered security solutions to mitigate these risks.
Meeting Takeaways:
– The meeting discussed cyber threats related to attacks on 5G infrastructure, specifically focusing on ASN.1 vulnerabilities in 5G cores.
– The meeting highlighted the growing demand for private networks in various sectors and the key capabilities of 5G that make it appealing for private cellular networks.
– There was a discussion about the N1/N2 interfaces in the 5G control plane and the protocols used for these interfaces, such as NGAP.
– The meeting mentioned that ASN.1 decoders have a history of running into problems with malformed data and vulnerabilities associated with them.
– Various vendors of 5G cores use different implementations of the NGAP ASN.1 decoder, and vulnerabilities were identified in both commercial and free-open-source products.
– An analysis of a vulnerability in the free5gc implementation of the NGAP decoder was provided as an example.
– The meeting highlighted the weakness in the routing of user plane messages, which allowed the delivery of anomalous signaling messages to the Access and Mobility Management Function (AMF) and resulted in crashes.
– It was noted that the separation of the control plane and user plane was not properly implemented, leading to security vulnerabilities.
– The meeting discussed the business impact of the vulnerabilities, including the disruption of connectivity and potential consequences in critical sectors.
– Recommendations were given for access control, separation of control and data planes, responsible use of open-source software, and the use of CT-aware DPI solutions/firewalls for enhanced security.
– It was suggested to use layered security solutions and zero-trust solutions, such as Trend Microâ„¢ Mobile Network Security, to ensure the unauthorized use of private networks is prevented and to bring CT and IT security into a unified visibility and management console.