29 June 21, 08:18
(This post was last modified: 29 June 21, 08:19 by silversurfer.)
Quote:As 5G private networks roll out in the coming years, security may be a key issue for enterprises. A survey released at Mobile World Congress on Monday shows that major gaps persist in security capabilities among mobile operators.
Some 68 percent of operators already sell private wireless networks to enterprise customers, with the rest planning to do so by 2025, according to the study, from the GSMA and Trend Micro. However, from a security perspective, these may not be ready for prime time: 41 percent of surveyed operators said they face challenges when it comes to solving vulnerabilities related to 5G’s network virtualization, for instance.
Also, 48 percent of them said they don’t have enough internal knowledge or tools to discover and solve security vulnerabilities at all. A contributing factor to the problem is a limited pool of mobile-network security experts for 39 percent of surveyed operators.
5G networks represent a sea change from prior wireless networks in that they are largely software-defined and virtualized. Network functions, historically defined in hardware, become virtual software capabilities in 5G, all orchestrated via a flexible software control plane. Even the air interfaces in the radio access network (RAN) are software-defined in 5G.
The problem is that this raises the possibility for rafts of exploitable vulnerabilities to emerge throughout the architecture in places that were never exposed before.
“Because so much of the environment is virtualized, there will be a lot of software creating images and tearing them down – the volume of virtualization is unlike anything we have experienced so far,” William Malik, vice president of infrastructure strategies at Trend Micro, told Threatpost. “The risk there is that we do not know how well the software will perform under such huge loads. Every experience with distributed software under load suggests that things will fail, services will drop and any vulnerability will be wide open for exploitation.”
Read more: 5G Security Vulnerabilities Fluster Mobile Operators | Threatpost