Uncovering security issues in the latest 5G standards
As 5G becomes more ubiquitous across the globe, the security community has more opportunity to review and understand the potential security concerns associated with implementing the standard. These security concerns fall into two categories: inherited flaws and out-of-specification issues.
Inherited flaws
Bloomberg reports that it will cost hundreds of billions of dollars to upgrade from 4G/LTE to 5G. This is a massive cost for any company or nation to bear, requiring many companies to slowly phase in the next generation of cellular technology over the next decade. Because these partial 5G networks rely heavily on pre-existing 4G/LTE technology, they will also inherit its vulnerabilities.
Because of how fast technology moves forward, it can be difficult even for tech enthusiasts to keep up to date, let alone non-technical people. To ensure that everyone has sufficient time to upgrade, new standards are typically made to support older ones as well. However, supporting older generations makes downgrade attacks possible.
Downgrade attacks trick users into using insecure, out-of-date versions of a protocol. These types of attacks can be found everywhere; one example is the Transport Layer Security (TLS) protocol that a browser uses to securely surf the internet. Even the latest TLS version, published in 2018, has been found to be vulnerable to downgrade attacks. But there's an easy fix: a web browser can be configured to limit access to websites that use the latest, most secure protocols, disabling anything deemed insecure. With those protocols disabled, if someone attempts a downgrade attack against it, the browser will simply refuse.
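The client-side fix described above, as an added example that is not code from the original article: Python's `ssl` module builds the ClientHello of a client with a TLS 1.2 floor and of one with a TLS 1.3 floor, the `supported_versions` extension is parsed out of each, and a server limited to the older version is shown to have nothing to agree on with the stricter client. The `negotiate` helper, the host name `example.test` and the legacy-only server are assumptions constructed for illustration; a Python build linked against OpenSSL with TLS 1.3 is assumed.

```python
import ssl
import struct

SUPPORTED_VERSIONS = 43          # TLS extension type (RFC 8446)
TLS12, TLS13 = 0x0303, 0x0304    # wire values of the protocol versions
LENIENT, STRICT = ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3

def client_hello(floor):
    """Return the raw ClientHello record a client with this version floor sends."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = floor  # the "disable anything deemed insecure" setting
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: there is no server, we only want the first flight
    return outgoing.read()

def offered_versions(record):
    """Parse the supported_versions list out of a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 5 + 4 + 2 + 32                                   # headers, legacy_version, random
    pos += 1 + record[pos]                                 # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]    # cipher_suites
    pos += 1 + record[pos]                                 # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == SUPPORTED_VERSIONS:
            body = record[pos + 1 : pos + ext_len]         # skip 1-byte list length
            return [v for (v,) in struct.iter_unpack("!H", body)]
        pos += ext_len
    return []

def negotiate(offered, server_supports):
    """Hypothetical server: pick the highest shared version, None if no overlap."""
    common = set(offered) & set(server_supports)
    return max(common) if common else None

if __name__ == "__main__":
    legacy_only = [TLS12]  # constructed: an endpoint that only speaks the older version
    for name, floor in (("lenient", LENIENT), ("strict", STRICT)):
        offered = offered_versions(client_hello(floor))
        print(name, [hex(v) for v in offered], "->", negotiate(offered, legacy_only))
```
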
“The Electronic Frontier Foundation (EFF) are actively lobbying tech giants, namely Apple, Samsung, and Google, to allow users the ability to disable insecure cellular standards.”
Adam Greenhill, Security Compass.
Cellular devices don’t have the same flexibility that web browsers do. When a mobile device connects to a cellular network, the user has no control over the process. There’s no setting in an iPhone or a Pixel that can be configured to prevent a phone from connecting to out of date and…