The European Union Agency for Cybersecurity (ENISA), an entity dedicated to achieving a high common level of cybersecurity across Europe, updated the ENISA 5G threat landscape, published in its first edition in 2019.
ENISA contributes to EU cyber policy, increases the reliability of ICT products, services and processes with cybersecurity certification schemes, cooperates with EU Member States and bodies and helps Europe prepare for cyber challenges tomorrow.
The document produced by the agency covers all the novelties introduced, captures developments in the 5G architecture and summarizes information found in standardization documents related to 5G. In addition, vulnerability and threat assessments have made significant progress over the previous edition, by providing more comprehensive information on the exposure of updated 5G architecture assets. 5G is one of the premises for the development of industry 4.0 and, with so many vulnerabilities, it will be up to the developers of industrial technologies to implement more security.
Thiago Branquinho, CTO of TI Safe, assesses that 5G is a technology that, due to its high performance and reliability, will make it possible to establish new processes and technologies in industry 4.0. In technological terms, it is a much more significant change than the adoption of Wi-Fi networks in the 2000s. However, like most technologies, 5G was designed to “work” and not to “be secure”. “So there are intrinsic vulnerabilities that can be exploited by threats. If controls are not established, compromising the correct functioning of these networks can cause major impacts ”, highlights Thiago.
Among the numerous threats, the TI Safe CTO highlights three:
1. Tampering with network settings
We are talking about a new technology, which will require a new modus operandi. Most likely, in the early years of 5G adoption, we may encounter incorrect and / or insecure settings, such as using weak passwords or routing errors. This raises the attack surface, making networks susceptible to tampering by attackers.
2. Denial of service (DoS)
This threat has permeated technology since the beginning. Employing resources to push a system's limits will remain a problem for 5G.
3. Malicious code
There will be a lot of code embedded in 5G operations. This opens the possibility for the injection of malicious code (malware) that performs specific functions, such as gaining “super user” access. This means that there may be listening and tampering with information, interference with normal functioning, hijacking of networks, among others.
Visit to download the ENISA report.