Recently, the Ministry of Industry and Information Technology held a national video and telephone conference in Beijing to deploy and promote 5G security work. The meeting pointed out that the current pace of my country’s 5G network construction is accelerating, and nearly 850,000 5G base stations have been built, forming the world’s largest 5G independent networking network, and 5G industry application innovation cases have exceeded 10,000. 360 security experts said that 5G will become a revolutionary technology that will change the future and a key infrastructure in the era of the Internet of Everything. It will have a major impact on personal security, government and enterprise security, and even national security. However, while 5G is developing, it is necessary to do a good job in network security at the same time. “Foundation engineering”, otherwise, “5G” construction is actually “streaking”.
The meeting also emphasized the importance of having a deep understanding of the importance of doing a good job in 5G security, effectively grasping the characteristics of the stage, innovation, and complexity of 5G development and evolution, planning and collaborative innovation as a whole, and integrating security concepts and measures throughout 5G. Plan all aspects of the entire process of construction and integration of applications to achieve synchronization of 5G development and security.
The reason why 5G security is so important is that, on the one hand, the value brought by 5G is not simply to allow consumers to watch videos faster on mobile phones, but to create for the age of the industrial Internet and the Internet of Things. “In the future, a large number of scenarios will be transferred to 5G, and more critical infrastructure and important applications will also be built on 5G.” 360 security experts said.
On the other hand, 5G accelerates the interconnection of all things, opening up the virtual world and the physical world, so that attacks that were only in the virtual world in the past can turn cyber attacks into harm to the physical world through the Internet of Things, leading to social shutdowns, factory shutdowns, and large-scale Area power outages, this hazard far exceeds the intrusion of viruses and Trojan horses today.
“When tens of billions or even hundreds of billions of IoT devices are connected via 5G, we must consider how to ensure their security.” 360 security experts said. He pointed out that 5G specifically faces six cyber security challenges. First, the core network modules of 5G are more complex, and there will be more security issues when building private networks in conjunction with MEC; second, low-latency services expand the attack surface; third, large-connection services make 5G a high level of hacker attacks. Value goals; fourth, network slicing technology makes the network boundary blurred; fifth, the problem of pseudo base stations still exists; sixth, higher requirements for the protection of user location privacy.
Therefore, escorting 5G security is imminent. It is reported that 360 has discovered and assisted in repairing the world’s first 4G network protocol vulnerability, which allows attackers to hijack text messages and voice calls from any 4G terminal. This work makes 360 the first security team to enter the Global System for Mobile Communications Association (GSMA) Mobile Security Hall of Fame.
In the direction of 5G security, 360 conducts research from four aspects: terminal layer, network layer, edge layer, and platform application layer, and proposes corresponding security deployment plans. In 2020, 360 participated in the establishment of the power 5G application security management technology project in cooperation with the Electric Power Research Institute, and conducted in-depth research based on the key technologies of 5G regulatory business security protection.
At present, 360 has built a 5G open source platform to realize NSA’s terminal access and business data transmission. The follow-up will rely on the boofuzz fuzzing test framework for protocol conformance testing. After automatically sending a mutation message each time, for different monitoring APIs, the current device status can be observed in real time through the protocol monitoring window to determine whether the device is abnormal. The tool can be deployed in private networks such as corporate campuses to cooperate with multi-network and multi-standard drive test systems to discover device 5G module protocol vulnerabilities.
Disclaimer: This article is for reference only and does not constitute investment advice.