Security News > 2021 > March > 5G network slicing vulnerability leaves enterprises exposed to cyberattacks

5G network slicing vulnerability leaves enterprises exposed to cyberattacks
2021-03-24 12:23

AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions.

The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network, leaving enterprise customers exposed to malicious cyberattack.

The issue has the potential to cause significant security risks to enterprises using network slicing and undermine operators' attempts to open up new 5G revenues.

AdaptiveMobile Security examined 5G core networks that contain both shared and dedicated network functions, revealing that when a network has these 'hybrid' network functions that support several slices there is a lack of mapping between the application and transport layers identities.

A hacker comprising an edge network function connected to the operator's service based architecture could exploit this flaw in the design of network slicing standards to have access to both the operator's core network and the network slices for other enterprises.

"Currently, the impact on real-world applications of this network slicing attack is only limited by the number of slices live in 5G networks globally. The risks, if this fundamental flaw in the design of 5G standards had gone undiscovered, are significant. Having brought this to the industry's attention through the appropriate forums and processes, we are glad to be working with the mobile network operators and standards communities to highlight these vulnerabilities and promote best practice going forward."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/_TIy-hyZfE8/