What is 5G and What Does it Mean for Cybersecurity?

April 29, 2019

The buzz around 5G is reaching a fevered pitch – barely a day goes by where it isn’t in the news. (IEEE Spectrum has a tracker for the latest here.) We’ve heard about the data capacity and speed increases, lower latency and lower power consumption. But what exactly is 5G?

When we spoke with Dorothy Stanley, IEEE Member and Chair of the IEEE 802.11 Working Group, she pointed out that confusion stems from the term ‘5G’ being used to refer to several ideas interchangeably: “Is 5G a vision? A set of services and data rates that are a goal to be accomplished, requiring multiple technologies? Or something that’s tied only to cellular carriers and what they can deliver?”

Some experts are most focused on the mixed nature of the technology. Babak Beheshti, IEEE Member and Interim Dean, College of Engineering and Computing Sciences, New York Institute of Technology, for example: “The very design philosophy of 5G is based on network heterogeneity. This means that the network can be a combination of technologies such as Wi-Fi® and LTE.”

Therefore, what 5G means depends on the context of the discussion, but it’s likely to include a combination of technologies.

This heterogeneity makes security more complex. However, there are already some exciting developments in the pipeline for 5G and IoT device security.

“According to T-Mobile US, 4G information being carried across mobile networks was not always encrypted. In 5G, end-to-end encryption is intended to provide much stronger safeguards for data privacy,” Beheshti says.

That will be coupled with a globally unique subscriber permanent identifier (SUPI) for each user. Beheshti: “The SUPI is never broadcast over the air during connection establishment for a mobile device, which can help prevent the hijacking of a mobile’s identity. 3G and 4G networks are inferior in this respect.”

For Stanley, top of mind is “The latest security solution, Wi-Fi CERTIFIED Easy Connect™. You scan the QR code, and that bootstraps a protocol exchange that gets you on the network securely, so your traffic over the wireless link will not be snipped.”

Since IoT devices don’t often have robust user interfaces, using a QR code lets manufacturers create security protocols that can be operated without the use of a keyboard, Stanley says. “The QR code is just a way to encode data. Basically, you’re encoding a public key that then can be used to establish and bootstrap trust. Only the peer device that has the private key can decode that.”

So upcoming security technologies are promising. What can consumers do to make sure their current IoT setups are secure?

For Kayne McGladrey, IEEE Member and Director of Security and Information Technology at Pensar Development, “Consumers should use the ‘guest’ network of their home Wi-Fi routers as a dedicated network for IoT devices, so if one of those devices were compromised, the threat actor can’t easily pivot to more valuable data.”

That’s the case for newer devices, he says. “For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.”

The ability to update devices over their lifetime is essential to security, and should factor into buying decisions, he says.

Han Guangjie, IEEE Senior Member and professor at Hohai University, seconds this point: “Check and update the IoT device firmware. If IoT devices have exploitable vulnerabilities, manufacturers often identify and fix problems before the hacker can access the device’s environment.”

If you’re curious to hear more about potential IoT safety solutions, take a look at IEEE’s 2017 report Internet of Things (IOT) Security Best Practices, which gives the manufacturers of IoT devices a clear set of safety recommendations.