True 5G wireless data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates—combining expanded speed and bandwidth with low-latency connections—one of its most touted features is starting to come in to focus. But the upgrade comes with its own raft of potential security exposures.
A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where Wi-Fi isn’t practical or available. Individuals may even elect to trade their fiber-optic internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage internet-of-things data are riddled with security vulnerabilities, according to research that will be presented on Wednesday at the Black Hat security conference in Las Vegas. And those vulnerabilities could dog the industry long-term.
After years of examining potential security and privacy issues in mobile-data radio frequency standards, Technical University of Berlin researcher Altaf Shaik says he was curious to investigate the application programming interfaces (APIs) that carriers are offering to make IoT data accessible to developers. These are the conduits that applications can use to pull, say, real-time bus-tracking data or information about stock in a warehouse. Such APIs are ubiquitous in web services, but Shaik points out that they haven’t been widely used in core telecommunications offerings. Looking at the 5G IoT APIs of 10 mobile carriers around the world, Shaik and his colleague Shinjo Park found common, widely known API vulnerabilities in all of them, and some could be exploited to gain authorized access to data or even direct access to IoT devices on the network.
“There’s a big knowledge gap. This is the beginning of a new type of attack in telecom,” Shaik told WIRED ahead of his presentation. “There’s a whole platform where you get access to the APIs, there’s documentation, everything, and it’s called something like ‘IoT service platform.’ Every operator in every country is going to be selling them if they’re not already, and there are virtual operators and subcontracts, too, so there will be a ton of companies offering this kind of platform.”
The designs of IoT service platforms aren’t specified in the 5G standard and are up to each carrier and company to create and deploy. That means there’s widespread variation in their quality and implementation. In addition to 5G, upgraded 4G networks can also support some IoT expansion, widening the number of carriers that may offer IoT service platforms and the APIs that feed them.
The researchers bought IoT plans on the 10 carriers they analyzed and got special data-only SIM cards for their networks of IoT devices. This way they had the same access to the platforms as any other customer in the ecosystem. They found that basic flaws in how the APIs were set up, like weak authentication or missing access controls, could reveal SIM card identifiers, SIM card secret keys, the identity of who purchased which SIM card, and their billing information. And in some cases, the researchers could even access large streams of other users’ data or even identify and access their IoT devices by sending or replaying commands that they shouldn’t have been able to control.