Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

12/5/2019
12:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

70 Top Hackers from Around the World Gathered in Finland for the 5G Cybersecurity Hackathon

On November 29, top hackers from all over the world gathered to Oulu, Finland to test their skills against 5G and cybersecurity during the weekend. Oulu, located near the Arctic Circle, is known as a global 5G and 6G hotspot and is the home to research and development of top-tier cybersecurity.

The world’s first open 5G Cybersecurity Hackathon gathered 70 cybersecurity specialists from 15 different countries to compete in challenges set by Ericsson, Nokia and Oulu University. The hackathon was arranged by the National Cybersecurity Centre Finland from Finnish Transport and Communications Agency Traficom.

“Cybersecurity is a key pillar of our digital society. Ensuring cybersecurity should be a joint effort between equipment manufacturers, technology users and authorities. To be able to grasp emerging opportunities, it is wise to be one of the first to generate expertise and create a common front to improve 5G cybersecurity. As a national agency, we want to collaborate actively with international technology businesses and leading security professionals to reach our common goal: a reliable and secure digital society,” says Jarkko Saarimäki, Director of the National Cybersecurity Centre Finland at Traficom.

The majority of the hackers had no hands-on experience with 5G networks and appreciated the opportunity to be among the first ones in the world to explore 5G. Themes of the hackathon included improving the cybersecurity in 5G infrastructure and ensuring the information security in digital services used over 5G. The hacker teams dug deep into the cybersecurity aspects and could provide useful insight and point out topics which will add value to development of cybersecurity fundamentals. Everyone benefited from the hackathon learnings and the event was considered to be a success by all parties.

“For us, the key benefit for joining the 5G Cybersecurity Hackathon was to engage with the security community embracing the opportunity of having some of the world’s leading hackers putting their skills at test on our 5G solution. 5G is the most secure communication technology we have seen so far – further improving the security and privacy from the already strong 4G. Having said that, we wanted to expose our 5G technology to the hackers and go ‘all-in’. No critical issues were discovered, but even all the minor findings made during the weekend are already processed by Ericsson security experts and fed back to R&D,” says Mikko Karikytö, Head of Network Security, Ericsson.

“To ensure public trust in 5G, it is important that security is built in from the start and that potential security gaps are identified at an early stage,” explains Niklas Lindroos, Head of Security for Mobile Networks and Global Services at Nokia. “This 5G Hackathon event was a great opportunity to do just that and for the industry to learn about network security. We are pleased that no major security defects were found in our product – a testament to our robust product security processes. However, we did gain unique insight into future attack surfaces and can design the defenses of future products accordingly.”

5G technology will be one of the building blocks of our future digital society all over the world. Transition to the 5G technology will be accompanied by a more significant change than any of the previous generations of mobile communications networks. Ensuring cybersecurity in networks will be crucial for the services provided by the public sector and businesses in the future.

“This was a big learning experience for us all. 5G security promises were not broken, but thanks to the professionals spending their time here, we learned a lot about the network security issues. Also, it is important to utilize the lessons learned from other networks. The university will benefit from the hackathon’s results greatly, and this encourages us to intensify our research efforts. Our 5G network is available for cooperation as well as for real application tests in the future,” says professor Juha Röning from the University of Oulu.

The hackathon will be followed by Leading Edge 5G Forum on February 13th, 2020 in Helsinki, Finland. The event will gather the leading cybersecurity experts and decision-makers from around the world in a single forum. In addition, the findings of the hackathon will be discussed in the forum.

Participants include major technology vendors, EU cybersecurity authorities, top decision-makers and representatives from some of the biggest operators around the world in addition to leading professionals and evangelists in the field of 5G cybersecurity.

Additional information:

Sauli Pahlman, Head of Department, National Cybersecurity Centre Finland at Traficom

Tel. +358 295 390577, sauli.pahlman(at)traficom.fi

More about Traficom:

www.5gcyberhack.fi 

www.traficom.fi/en/

www.kyberturvallisuuskeskus.fi/en/

More about the 5G Test Network in Oulu: https://5gtn.fi/

Information about the Finnish 6G Flagship programhttps://www.oulu.fi/6gflagship/

More about Ericsson´s cybersecurityhttps://www.ericsson.com/en/security

More about Nokia’s cybersecurityhttps://www.nokia.com/networks/portfolio/security/

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.
CVE-2020-25830
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
CVE-2020-26159
PUBLISHED: 2020-09-30
In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c .
CVE-2020-6654
PUBLISHED: 2020-09-30
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.