Security News > 2021 > April > New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks
New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network.
As the name indicates, the idea is to "Slice" the original network architecture in multiple logical and independent virtual networks that are configured to meet a specific business purpose, which, in turn, dictates the quality of service requirements necessary for that slice.
"The 5G SBA offers many security features which includes lessons learned from previous generations of network technologies," AdaptiveMobile said in a security analysis of 5G core network slicing.
"But on the other hand, 5G SBA is a completely new network concept that opens the network up to new partners and services. These all lead to new security challenges."
The attacks hinge on a design quirk that there are no checks to ensure that the slice identity in the signaling layer request matches that used in the transport layer, thus permitting an adversary connected to the 5G operator's SBA through a rogue network function to get hold of the core network as well as the network slices.
As countermeasures, AdaptiveMobile recommends partitioning the network into different security zones by applying signaling security filters between different slices, the core network and external partners, and the shared and not-shared network functions, in addition to deploying a signaling layer protection solution to safeguard against data leakage attacks that leverage the missing correlation between layers.