Security expert and cryptographer Bruce Schneier discussed the 5G security issue reported to speak, which is currently mainly concerned with the question of Chinese influence on the network technology of the network supplier Huawei, which also comes from China. According to Schneier, these are easy to understand, but the problems with 5G security are significantly more extensive and deeper.
"Chinese, Iranians, North Koreans, and Russians have been breaking into US networks for years without control over the hardware, software, or companies that make the devices."explains Schneier. The NSA has also been breaking into foreign networks for years. According to the Snowden documents, the British secret service GCHQ hacked the Belgian telephone company Belgacom, whose customers include the EU Commission. "5G won't change these attacks either"says Schneier. But 5G itself also has some key problems.
Three key security issues with 5G
Schneier sees three key security problems with 5G. "First, the standards are simply too complex to implement safely"explains Schneier. Although this is a general problem, it is particularly pronounced with 5G. In addition, a large part of the network is virtualized. This means that the functions in software are implemented on dynamically configurable hardware, which increases the points of attack dramatically.
A second problem, according to Schneier, is backward compatibility. Because 5G builds on 4G and is inseparably mixed in most installations, attackers could force 5G systems to use more vulnerable 4G protocols, for example.
"Third, standard 5G committees have missed many opportunities to improve security"explains Schneier. Many of the new security functions are optional, and network operators can choose to implement them or not. This had already been done at 4G and had the result that network operators sometimes did not implement mandatory security features because it was too expensive. "Worse: At 5G, development, performance, costs and time-to-market were put ahead of security, which was treated as an afterthought.", criticizes Schneier.
Correspondingly, security gaps had already been discovered in November, which made it possible to track 5G users in real time, receive fake emergency warnings, or completely interrupt the connection to the 5G network. At this point, we should also refer to the SMS successor RCS, which enables text messages to be read along.
Access and profit instead of security
All of these problems are due to the fact that short-term corporate profits will prevail over the wider public good. "In a capitalist free market economy, the only solution is to regulate companies"explains Schneier. So far, the USA has shown no interest in this. In addition, intelligence agencies such as the NSA or law enforcement agencies such as the FBI would benefit from insecure systems to facilitate their own data collection.
It was too late for 5G to solve all the security problems. Schneier hopes that 6G will work differently. The standardization bodies had just started a discussion about the next iteration of mobile communications. Until then, Schneier suggests building secure systems on top of the insecure network. Encryption in messengers such as Whatsapp protects against eavesdropping and distributed protocols prevent interruptions.