Science

With 5G, Cybersecurity Researchers See a Hotbed of Security Risks

"It's like going from fireworks to dynamite sticks."

by Danny Paez

The fifth-generation of wireless broadband technology is on the horizon. The FCC is advocating for its rollout, while internet service providers like Verizon, T-Mobile, and Sprint are pushing to make the network available in select cities in 2019, 2020, and beyond.

But where organizations moving toward this tech see ripping-fast internet and endless potential, cybersecurity researchers see a hotbed for a new era of intensified cyber war.

Stuart Madnick, who’s been professor of information technology at the Massachusetts Institute of Technology since 1972, tells Inverse that the FCC and ISPs are casting a double-edged sword in their rush to implement 5G.

“It’s like going from fireworks to dynamite sticks,” Madnick says. “5G encourages further evolution and expansion of Internet of Things related networks. All of the good news and bad news that comes along with this technology gets magnified.”

He’s especially concerned about the risk of denial of service attacks — or DDoS for short — becoming more powerful than ever before. One of the advertised benefits of 5G is that it will allow even more IoT devices, like refrigerators or light bulbs, to come online. This would allow users to remotely check the contents of their fridge or dim their bedroom lights using their phones, but these devices can also be harnessed for nefarious purposes.

Map of areas most affected by the 2016 Dyn cyberattack.

DownDetector Level 3 Outage Map

One of the most notorious DDoS incidents in history — the 2016 Dyn cyberattack — was facilitated by unsecured IoT devices, like security cameras, printers, and baby monitors. Hacker groups Anonymous and New World Hackers allegedly took control of thousand of electronics that still had their default passwords to amass an army of zombie devices, known as a botnet.

This network was used to overwhelm the servers of internet performance management company, Dyn. Websites like Twitter, SoundCloud, Spotify, and Shopify were inaccessible for a day. Madnick believes this could happen again, to a degree that hasn’t even been imagined yet. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity. Perhaps the biggest sites on the web will go down for days, including online blanks, or worse, the internet that controls a public utility like electricity.

“The fact that 5G increases the speed means that it takes even fewer of them to overwhelm a given organization because now you can get an exponential rate of traffic directed to someone,” Madnick cautions, before adding: “The worst is yet to come.”

Government agents and private entities aren’t protected from this scenario. In an interview with Inverse, FCC commissioner Brendan Carr gave a broad description of the agency’s game plan when it comes to protecting consumers and firms from the potential of a mass-scale DDoS assault.

“For communications, the Department of Homeland Security is the lead federal agency on this issue and the FCC has a role to play as well,” Carr explains. “Among other things, we bring out network-based expertise and DHS brings their broader, cyber-based expertise and we work together with them on that.”

A few weeks after the massive DDoS attack of 2016, the DHS issued a fact sheet with the title, “Distributed Denial of Service Defense.” It too offers a warning about the future: “It is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale.”

Stacheldraht botnet diagram showing a DDoS attack.

5G will enable more devices to go online then ever before. But with that capability comes the an increased security risk.

Unsplash / Jens Johnsson

Threats of potential hacks aside, this likely won’t dissuade the roll out of 5G technology. 4G LTE infrastructure is nearing its capacity as consumers want more information at their fingertips instantaneously and this upcoming upgrade will enable that and even more virtual services and digital products we never thought possible.

With new technology comes the danger of the unknown, it’s a cycle that Madnick knows well. The people in charge of protecting and policing the system are imperfect and there will always be cybercriminals there to pouncing on weaknesses.

“Whenever there is a technological or organizational change we enter a new danger zone because basically,” says Madnick. “We don’t have the experience to know what we’ve unleashed. 5G will bring about good things, but there will be lots of things we will only learn about as time goes on.”

However, without risk there is no reward. Dyn cyberattack did damage, but all the benefits 4G LTE has brought are still here and when the inevitable 5G cyberattack comes the recovery might look a lot similar.