5G network slices could be vulnerable to attack, researchers say

5G promises increased speed, lower latency, and support for a significantly larger number of connected devices. But the growth in devices and in new applications that will ensue also will expand the attack surface, offering new opportunities for malicious actors to take advantage of security gaps.

Plus, as with any new technology, there is a great deal of potential for misconfigurations, errors, and unpatched vulnerabilities while companies are still learning how to deploy and secure 5G at scale.

About 75% of communication service providers worldwide said that they had experienced up to six security breaches of 5G networks within the past year, according to a November 2022 survey by GlobalData and Nokia. Half of the respondents said that they experienced an attack that resulted in the leakage of customer data, and nearly three quarters said that an attack had caused a service outage.

But 5G networks have a great, built-in security advantages over their predecessors, one of which is network slicing—the ability to subdivide networks into multiple virtual networks on top of a single physical infrastructure. Each network can have its own configurations, performance parameters, and quality of service. This allows different applications to share the same physical infrastructure but also provides an additional layer of isolation and security, creating barriers to attacker movement.

“5G introduced a large number of technical innovations and improvements to 4G technology, but network slicing was one of the most important,” says Doug Gatto, practice development manager, services, at IT services provider Insight, and security benefits are a major advantage. “It can really reduce the impact of a cyber attack by isolating an attack to one slice.”

However, a misconfigured 5G network slice is vulnerable to multiple threats, including denial-of-service attacks, man-in-the-middle attacks, and basic configuration attacks, he says. And if the slices aren’t designed properly, an attacker could also move from one slice to another, he adds.

Read full article at Network World.