In a world of cyberwar and cyber threats, many online devices are danger from 5G

Although the fifth generation mobile network, 5G, has security protocols considered state-of-the-art by experts, the ultra-connected world promised by technology brings dangers and requires care with cyberattacks.

The reason is that, with a much larger number of devices accessing the internet, the potential entry points for hackers (what experts in the field call an “attack surface”) multiply.

Another source of concern is that, despite 5G being more secure than previous generations, part of the networks being built today are not the so-called standalone, or “pure”, networks made specifically for this technology. They need to coexist with 4G and 3G.

The problem is compounded by the fact that critical systems that were once offline are now dependent on connectivity. Case of water and energy supply networks or hospitals, for example.

Attacks targeting critical infrastructure have become a trend among cybercriminals, and such initiatives have been exploited by Russia in its attacks on Ukraine. In 2015, they left part of the country’s population without electricity after hacking attacks on the energy grid.

The revolution promised by 5G, in addition to greater speeds, is having much more connected. The network has the capacity to support a greater number of devices online at the same time. This is the basis for the adoption of smart systems to automate industry sectors and even cities.

A high-tech factory that adopts new automation techniques with artificial intelligence, for example, would rely on many sensors and cameras for robots to monitor what is happening.

The security flaws in these connected things are compounded by the fact that most of these devices cannot have their systems updated to correct any security flaws.

An alternative to prepare for an eventual catastrophe would be to have analog process options, but this may not be efficient. Jefferson Wang, 5G leader at consultancy Accenture, recommends adopting systems redundancy (duplicating important parts and pieces in the process so that, if one fails, the other can handle the scolding) and disaster recovery plans.

“The good news is that I see this concern for safety in every project I work on. It’s something that people have in their heads. They are aware of it. In previous generations it wasn’t like that”, he says.

Due to their efficiency, many of these automated processes with sensors and smart devices through 5G should reach large companies. With that, also the new threats.

“Attacks are getting more sophisticated. Every large company will experience some kind of attack on the level of those launched by other states,” says Anand Oswal, senior vice president at cybersecurity firm Palo Alto.

A recurring recommendation is the adoption of a security model called “zero trust” (or “zero trust”). In it, access to company systems and data is limited to only those necessary for the function. In addition, people must constantly verify their identity to gain access to services, even if they are using a computer in the company’s building.

Oswal also suggests that enterprise-level security works with artificial intelligence systems that help identify devices and monitor their behavior.

In the case of a light bulb, for example, its function is to turn it on and off. If she is doing something different, an alert would sound.

It might seem strange to think of a light bulb doing something other than turning on the light, but that’s because, in their “smart” versions, devices are, at heart, minicomputers. A hacker can remotely steal access to millions of these tiny machines and program them to try to access the same website at the same time to overload it.

It was using such a strategy that, in 2016, the “Anonymous” and “New World” hacking groups took down servers that prevented access to dozens of websites and services such as Amazon.com, Playstation Network, Twitter and Xbox Live. To do this, they overloaded systems using a network made up of connected devices such as printers, security cameras and baby monitors.

The network used for this attack, called “Mirai”, still exists and continues to grow. “It already has 12 billion devices,” said Christine Bejerasco, chief technology officer at information security company F-Secure, in a panel on the topic at the Mobile World Congress (MWC), a technology event held this week in Barcelona.

According to Bejerasco and other experts who participated in the event, security flaws are already present in the design of these products and in the lack of concern for safety on the part of many manufacturers.

This does not exclusively threaten governments and large companies. It also reaches the end buyer who places a smart device inside the house. After all, why not connect the washing machine to the internet?

Ken Munro, an expert at Pen Test Partners, a cybersecurity consultancy, said he easily hacked into his daughter’s talking robot dog. He managed, for example, to make him swear. “But the scariest part was that I also had the toy’s microphone, I could turn it into a bug,” he said.

In the opinion of Jaya Baloo, head of information security at cybersecurity company Avast, the scenario shifts the burden of protection to the consumer. “Security should be standard on devices,” she tells sheet. “Users are not cybersecurity experts, they are not in a position to evaluate different options to defend themselves. People just want to use services.”

Therefore, she welcomes the creation of tougher rules for the security of these smart devices. Last year, the US and UK governments, as well as the European Union, created regulations and laws with technical safety standards for these devices.

“Suppliers can no longer bring things to market in a hurry,” says Baloo.

She makes the caveat, however, that there will be a time before these standards come into effect and manufacturers can adapt their products. That is, until then, more insecure smart devices will come into operation and many should not be replaced so quickly. “How often do people change refrigerators? It’s a long-term change.”

*The journalist traveled at the invitation of Huawei