Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/24/2021
09:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

AdaptiveMobile Security Details Major Security Flaw in 5G Core Network Slicing Design

Security vendor details 5G vulnerabilities and is working with industry to provide mitigation prior to widespread deployments.

Dublin, Ireland March 24th 2021 – AdaptiveMobile Security, the world leader in mobile network security, today publicly disclosed details of a major security flaw in the architecture of 5G Network Slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G Network, leaving enterprise customers exposed to malicious cyberattack. The issue has the potential to cause significant security risks to enterprises using network slicing and undermine operators’ attempts to open up new 5G revenues. The probability of attack is only currently low due to the limited number of mobile operators with multiple live network slices on their networks. AdaptiveMobile Security is working in conjunction with the GSMA, operators and standards bodies to address the issue and update architectures to prevent exploitation. The full whitepaper detailing the issue is available for download from https://info.adaptivemobile.com/5g-network-slicing-security.

Network slicing allows a mobile operator to divide their core and radio network into multiple distinct virtual blocks that provide different amounts of resources and prioritisation to different types of traffic. One of the most innovative aspects of 5G, network slicing will let operators provide portions of their core networks for specific vertical customer use cases such as automotive, healthcare, critical infrastructure and entertainment. As a result the network is opened up to many partners and sliced into use cases and vertical specific blocks.

In its research, AdaptiveMobile Security examined 5G core networks that contain both shared and dedicated network functions, revealing that when a network has these ‘hybrid’ network functions that support several slices there is a lack of mapping between the application and transport layers identities. This flaw in the industry standards has the impact of creating an opportunity for an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture. For example, a hacker comprising an edge network function connected to the operator’s service based architecture could exploit this flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises. The impact being that the operator and their customers are exposed and risk the loss of sensitive location data – which would allow user location tracking, the loss of  charging related information and even the potential interruption to the operation of the slices and network functions themselves.

“5G is driving the mobile industry into adopting the technology and techniques of the IT world to increase efficiency and improve functionality. However, while laudable, there needs to be a wider mindset change. When it comes to securing 5G, the telecoms industry needs to embrace a holistic and collaborative approach to secure networks across standards bodies, working groups, operators and vendors,” said Dr. Silke Holtmanns, Head of 5G Security Research at AdaptiveMobile Security.

The outcome of the research has been shared with the GSMA in line with the standard co-ordinated vulnerability disclosure process. AdaptiveMobile Security is investigating if the currently defined 5G standards’ mechanisms will be sufficient to stop an attacker and in doing so, uncovered three main attack scenarios based on the flaw which cannot be mitigated according to today’s specified technology:

- User data extraction – in particular location tracking

- Denial of service against another network function

- Access to a network function and related information of another vertical customer

“As more of the core network moves to the cloud and an IT-based architecture, so more suitable hacking tools become available for hackers,” Holtmanns continued. “Currently, the impact on real-world applications of this network slicing attack is only limited by the number of slices live in 5G networks globally. The risks, if this fundamental flaw in the design of 5G standards had gone undiscovered, are significant. Having brought this to the industry’s attention through the appropriate forums and processes, we are glad to be working with the mobile network operators and standards communities to highlight these vulnerabilities and promote best practice going forward.”

Full details of the research are published in the whitepaper, A Slice in Time: Slicing Security in 5G Core Networks, which is available for download from https://info.adaptivemobile.com/5g-network-slicing-security

About AdaptiveMobile Security

AdaptiveMobile Security is the world leader in mobile network security, protecting more than 2.1 billion subscribers worldwide. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile’s award-winning security solutions and services provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive security product-set in the market today.

AdaptiveMobile Security was founded in 2006 and counts some of the world’s largest carriers, Governments and Regulators as customers. The Company is headquartered in Dublin with offices in North America, Europe, South Africa, the Middle East and Asia Pacific.

Protecting Every Nation! Every Network! Every Number!

 

Richard Howson
Temono

Direct: +44 (0)7833 693 862

www.temono.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27394
PUBLISHED: 2021-04-16
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions <...
CVE-2020-9667
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
CVE-2020-9668
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
CVE-2020-9681
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.
CVE-2021-26830
PUBLISHED: 2021-04-16
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.