As retailers, payments providers and consumers prepare for the coming 5G world, there remain concerns about how well that mobile network technology will protect consumer privacy and security.
Retailers, payments providers and even some consumers — especially those first-wave adopters, the types of people willing to stand in lines for new phones and other gear — are well along in envisioning the coming 5G world. But there remain concerns about how well that mobile network technology will protect consumer privacy and security — and that may prove significant going into 2019, given the increased focus on data protection.
That’s not to strike an alarmist tone about the coming deployment of 5G, which promises benefits to merchants, marketers, healthcare, FinTech, payments, connected cars, the Internet of Things and other areas. Verizon and Samsung recently said they would launch U.S. 5G phones in the first half of 2019, underscoring the near-term approach of increased mobile speeds and other features of 5G. That doesn’t mean 5G will all happen at once, of course, as some big tech players have announced relatively delayed plans for the mobile technology – and it will take some time before solid 5G use cases emerge and make their way into white papers and “best practice” highlight sections on vendor websites.
But when it comes to security and privacy, problems and potential flaws that are not addressed early on have a way of causing significant damage down the line. And that’s why some researchers and mobile technology observers are sounding what amounts to preemptive alarm about 5G.
5G Security Holes?
One recent 5G study from the University of Lorraine/INRIA (located in France), the University of Dundee (Scotland) and ETH Zurich (a math, technology and science academy in Switzerland) found that “the next generation of mobile communication needs a security boost if it is to offer customers a safe and reliable service,” according to a summary of the research, which said that while data protection for 5G improves upon 4G protections, “critical security gaps are present.”
According to the full 5G report from those three organizations — a report that goes into deep technical and mathematical detail — those gaps could facilitate cyberattacks and could result in 5G mobile phone consumers being charged for other people’s or organizations’ use of that technology. The protections as they now stand for 5G “feature a combination of properties that are extremely challenging for state-of-the-art verification techniques” via the mobile network technology, the report says. As well, the 21-page report found that 5G “security goals are underspecified,” among other problems.
Government Role?
That report specifies technical fixes to those problems. Some observers also want more of a push to make 5G secure.
According to one recent roundup from the DC5G conference in November — a gathering that focused on the path to 5G commercialization — “Jill Kelley, former ambassador to U.S. coalition military forces, founder of Space-SkyFi and president, military diplomacy strategies, declared that it is the responsibility of the federal government to ensure that U.S. networks are safe for users, much like U.S. travelers and visitors have passports checked to ensure that everything is in order, or that government regulates safety standards for vehicles.”
Not all conference attendees struck such a tone.
Drew Morin, director of federal cyber security technology and engineering programs at T-Mobile US, reportedly told attendees during a panel session that 5G, like 4G, features encrypted data being carried across mobile networks, and that protective precautions are being baked into the technology to prevent criminals from stealing data.
“What we’ve done in 5G is, we’ve worked in the specifications to ensure that the over-the-air part is all encrypted, as well as the handshake between the device and the tower [and into] the core of the network, that’s also encrypted all the way through,” Morin said, according to that same roundup. He went on to note that where there are interfaces between the network and application or information service providers, the laws governing privacy kick in.
5G Security Products
Businesses are always trying to get ahead of potential governmental regulation, or at least avoid what Morin called a patchwork of laws from non-federal jurisdictions, which makes doing business more complicated and costly. Already, players in the payments and authentication space are introducing products designed to make 5G safer. That includes Gemalto, which earlier this year launched a product designed to “protect against cyberattacks” targeting 5G networks.
“With physical network functions being migrated to the cloud, resulting in increased ‘attack surfaces’ for malicious forces, one of the challenges for the mobile industry is to ensure identity protection, confidentiality and integrity of these newly virtualized network functions,” Gemalto said. “Addressing this, the combined solution secures virtualized networks from core to multi-access edge by ensuring virtual functions and applications residing in network slices are protected and isolated.”
So, what will work best to protect 5G and the security of consumer data and privacy? According to cybersecurity provider Palo Alto Networks in a recent blog, “legacy approaches that depend on disconnected and uncorrelated security elements will not scale and will not see and stop attacks across 5G networks. Dealing with 5G security challenges and risk factors requires a holistic and transformative security approach across the mobile networks.” That means, among other strategies, doing preventative work now.
There are signs that consumers, at least when you get beyond those first-wave tech adopters, are not exactly ready to jump into the 5G world for a while — that’s reportedly one reason, along with expectations of initial spotty coverage, behind Apple’s decision to hold off until 2020 or later to release its own 5G iPhone. Not all observers and analysts agree with Apple’s move. But no matter what, 5G will have a harder time winning over consumer loyalty for cutting-edge payments and commerce tools if security and privacy problems plague the mobile network technology from the start.