5G, virtue, or threat?

It is currently on everyone’s lips when it comes to technological advances. A threat for some, solution for others, the 5G is one of the problems of our time. Deployed since the beginning of the year in many American states, its forthcoming arrival in France was slowed down by the coronavirus crisis.

But concretely, what is 5G? What are the ins and outs around its deployment? What are the cybersecurity risks? Between what is and what could be, between explanations and hypotheses, some elements of answers.

We are in 2011 when the main French telephone operators obtained 4G LTE licenses from the French Regulatory Authority for Electronic Communications, Posts and Telecommunications (RAECPT), and the distribution of the press. As soon as the following year, 4G began its experimental deployment. In May 2018, after two calls for tenders contested by our operators, more than 36,000 4G relay antennas are present in the territory, covering more than 98% of the French population. Symbol of our special appetite for new technologies, represented by broadband and network fluidity, 4G is already in the process of being replaced by its successor: the 5G.

In fact, this is not entirely new in France. Testing phases of this technology have already been launched in 2015 and 2017 with the promise of commercialization in spring 2020. Although this project is postponed due to the COVID19 crisis, one question remains unanswered: what is the difference between 4G and 5G? On average, 5G is 20 times faster than 4G with a maximum download speed of 20Gb/s versus 1Gb/s for 4G. Another of its strengths is latency. This will be divided by 10 compared to 4G. In many respects, this responsiveness is of paramount importance to the industry sector. Constant and near-immediate exchanges of data may emerge other uses such as those of autonomous transport.

In addition, the 5G promises smoother navigation and increased usage. Indeed, this technology will be able to withstand multiple connected objects simultaneously without the risk of network congestion. In other words, faster, more responsive, and more connected. And it is probably on this last aspect that the new risks will emerge. While everything is already more or less connected, 5G risks exploding the number of data shared through everyday objects. More interconnection between devices, more entry points, and vulnerabilities for hackers. The Internet of Things in short…

A concept that most of us don’t know, but one that is likely to be very much present in our lives for years to come. The Internet of Things (IoT) refers to a growing number of objects connected to the Internet. It first appeared in the United States in the 1980s and has spread rapidly thanks to globalization. From computers connected to servers responsible for supervising them, we have moved on to objects connected to centralized servers capable of communicating with each other. With 5G, new functionalities are created that involve both the connected object and the application hosted in the Cloud. The result is an overabundance of data in transit through the air via millimeter waves, the preferred frequency of 5G. In other words, this already ubiquitous data will literally flood our daily lives. For example.

The connected home, the autonomous vehicle, 360° immersive videos, or the intelligent city, so many technologies that are currently being tested or marketed. Let’s take the case of the autonomous car. Their number should double in five years. A prime target for hackers since they will probably be able to deactivate the vehicle’s controls, take the wheel, or switch to automatic pilot. This is a frightening possibility and will inevitably involve the theft of the data emitted by the vehicle. The same goes for the intelligent city, where most urban furniture will be likely to be interconnected, such as traffic lights, street lamps, and antennas. If the community is vulnerable, so is the individual. As a victim of computer hacking, a connected home will see all of its connected objects become inactive, from electric shutters to the refrigerator, and, of course, it’s a home automation system. As you will have understood, there are risks involved. One can then logically ask the following question: these hackers, how do they deal with this new technology?

The question is not so much the cause as the consequences. In reality, the typologies of attack are not evolving that much. They follow the patterns we already know, such as ransomware and phishing. Therefore, if the methods don’t change, the impact is magnified with the increase in the potential area of attack. Companies, communities, cities, countries, all these entry points are synonymous with access to data for hackers. According to a report issued by an American operator on mobile security in 2020, 43% of the companies surveyed indicated that they are increasing the number of connected devices, to the detriment of their security. Of the 1,100 professionals surveyed, 39% of them claim to have been victims of attacks on their mobile networks. These figures are 6% higher than the previous year. When we know that 90% of attacks are the result of human error, awareness is the first step in prevention. This is a task that the cyber expert carries out during his or her interventions.

5G is unlikely to change the world of hackers. In the past, hackers have already demonstrated their ability to adapt to their environment. As soon as new technology emerges, they try to circumvent the problem in order to hijack it and thus find loopholes so that everyone can get into it. They constantly renew themselves, know what they are doing, and have understood how to monetize it. Even more so now that personal data has a real value in the parallel ecosystem they occupy. In addition to the explosion of data, the increase in throughput provided by 5G could pave the way for cyberattacks from a car. Like some movies and video games, hackers will be perfectly capable of connecting with their mobile phones. We are entering a particularly pernicious system that can be summed up by the adage: the more powerful a technology is, the greater the impact when it turns against its original purpose.

It is therefore essential that the installation of 5G in France be carried out assiduously in order to limit as far as possible any security loopholes in the infrastructures equipped with this technology. The first mistake would be haste. Add to this the responsibility of the users, who often leave the field open to hackers. This is why the cyber expert takes a risk-based approach. In other words? An analysis by projecting and anticipating all risks related to the arrival of new technology. The expert weighs the pros and cons, the benefits, and the dangers. He imagines all the possible piracy scenarios in order to propose a prevention solution to be applied to a given application.

Contactless payments are now commonplace. From the €20 threshold up to now, we have recently moved to €50. This development is certainly in the direction of the user, even more so in the current period when physical contact is limited. With the exception of when our user’s credit card is stolen, the stakes are different and the risks are higher. With 5G it’s the same thing: more speed in payment, more capacity for action, and more potential loopholes for hackers to exploit. The same scheme will also apply to businesses. The latter will be obliged to increase their surveillance and security perimeter. Despite its virtues, the arrival of new technology unconsciously extends the hackers’ field of action without the user even realizing it. This is probably where the bulk of the threat lies.

If one would think that everything is lost as a result of this article, this is of course not the case. Our technological backwardness compared to the United States, particularly due to the coronavirus crisis, allows us to draw on their own experience with 5G-based cybercriminal attacks. This is why our expertise is ready to respond to this type of threat through an in-depth analysis of the risks of this new technology that is about to change our society.

Thibault CARRE – Cybersecurity Development Manager| INQUEST

Yannick ESSAIDI – Cybersecurity Analyst | INQUEST