5G security vulnerabilities, most of which can be fixed
5G networks have the characteristics of large bandwidth, wide connection, and low latency, so that everything can be connected, everything can be counted, and information is at your fingertips, and intelligence is everywhere. But while we enjoy the convenience of 5G networks, we must not ignore its security issues.
Recently, according to foreign media reports, researchers at Purdue University and the University of Iowa have found multiple 5G security vulnerabilities. Hackers can use these vulnerabilities to locate users in real time, and even let users unknowingly The 5G phone is offline.
So why are these security holes happening? Can these vulnerabilities be fixed? How should users respond to this type of hack? Science and Technology Daily reporters interviewed relevant industry experts.
Security breach was "old problem"
What exactly are these vulnerabilities appearing on 5G phones?
Yan Huaizhi, director of the Institute of Computer Networks and Adversarial Technology at Beijing Institute of Technology, said in an interview with reporters from Science and Technology Daily that most of these vulnerabilities belong to network protocol vulnerabilities. At the beginning of research and development, 5G network protocols designed permanent user identifiers and hidden user identifiers, and most vulnerabilities were "hidden" in these two identifiers. These identifiers are the user's "passport" on the network, and if a hacker gets it, he can "sneak into" the target user's mobile phone.
"As long as an attacker uses a pseudo base station, they can discover these vulnerabilities and then carry out corresponding network attacks." Yan Huaizhi said.
So, what is a pseudo base station?
"As the name suggests, a pseudo base station is a fake base station that is disguised, and it is also an independent device. A pseudo base station is usually a device composed of hardware such as a host and a laptop. It can use communications network and protocol defects and vulnerabilities to search for Take it as the center, mobile terminal information within a specific radius. "Yan Huaizhi said.
Yan Huaizhi pointed out that fake base stations have two main hazards: one is that it will interfere with normal communication and prevent users from getting normal communication services; the other is that criminals can use the fake base station to communicate with the user's mobile phone and send them fraudulent text messages and false advertisements. And other information, or monitoring user communication data (such as SMS verification code), and even logging in to the user's mobile bank account to steal money.
"However, in general, the problems caused by these vulnerabilities are not unique to 5G networks, and pseudo base stations are nothing new." Yan Huaizhi said that traditional mobile communication networks such as 4G and 3G are also possible. Under the same threat.
Since it is "old fault", why weren't these loopholes discovered in the early stages of R & D?
Yan Huaizhi said that in specific practice in the field of communication engineering, security loopholes in information systems have emerged, and this problem is almost unavoidable. This is especially true for complex systems like 5G communication networks. The discovery process of the vulnerability will run through the entire life cycle of the information system. Although early in the research and development, security needs analysis, security design, security coding, security testing and other means can be used to minimize or avoid the occurrence of vulnerabilities, but if you want to be foolproof, Basically impossible.
Take multiple measures to reduce adverse effects
So, can these vulnerabilities be fixed?
"Most of the vulnerabilities can be repaired, but a small part of them may persist." Li Weiguang, a security expert at 360 Security Research Institute, told reporters in the Science and Technology Daily that vulnerabilities such as forged alert information can be repaired by appending to the alert message. Just sign the message.
"Although some loopholes will continue to exist, their own harm is relatively small, it will not cause greater harm to the 5G network business, and it will not affect the normal use of users. Don't worry too much." Li Weiguang said.
Yan Huaizhi also pointed out that in general, a process is needed to establish security standards for 5G networks. Over time, personal-level 5G network applications will achieve controllable risks, and current vulnerabilities have little impact on individual users. "In the future, the industry will need to pay more attention to the security issues of 5G network large connection services, especially 5G applications in areas such as industrial control and the Internet of Things. At the same time, 5G network slicing technology makes the boundaries of mobile networks no longer clear, and 5G The existence of fake base stations will make 5G users' location information and data content face greater security risks than in the 4G era. "Yan Huaizhi said.
Regarding how to reduce the adverse effects caused by 5G loopholes, Yan Huaizhi believes that this requires multiple measures and a multi-pronged approach. "First, we must promote the implementation of security standards for 5G networks. At the same time, we must complete the prevention and repair of vulnerabilities at the technical level, and improve the security of 5G networks from the source. Second, we must severely crack down on illegal equipment such as fake base stations and defeat attacks. The home base of the researcher. Once again, on 5G mobile phones, 5G smart watches and other user terminal devices, relevant R & D personnel must deploy vulnerability identification software and actively implement relevant security protection measures. Finally, relevant departments must strengthen the end user's awareness of network security, Popularize basic protection common sense. "Yan Huaizhi said.