Recently, according to foreign media reports, researchers from Purdue University and the University of Iowa in the United States have found several 5g security holes, which can be used by hackers to locate users in real time, or even to drop users 5g mobile phones unconsciously.
So, why are these security vulnerabilities? Can these holes be fixed? How should users deal with such hacker attacks? The reporter of science and technology daily interviewed relevant experts in the industry.
Security loopholes are old problems
What are these vulnerabilities on 5g mobile phones?
Attackers can discover these vulnerabilities and then carry out corresponding network attacks by using pseudo base stations. Yan Huaizhi said.
So, what is a pseudo base station?
As the name implies, the pseudo base station is a kind of camouflaged pseudo base station and an independent device. Pseudo base station is usually a device composed of host computer, laptop computer and other hardware. It can search the information of mobile terminal within a certain radius with its center by using the defects and loopholes of communication network and protocol. Yan Huaizhi said.
Yan Huaizhi pointed out that there are two main hazards of pseudo base station: first, it will interfere with normal communication, so that users can not get normal communication services; second, criminals can use pseudo base station to communicate with users mobile phones, send them fraud messages, false advertisements and other information, or monitor user communication data (such as SMS verification code), or even log in to users mobile phone bank account to steal money Wealth.
However, in general, the problems caused by these vulnerabilities are not unique to 5g network, and pseudo base station is not a new attack mode. Yan Huaizhi said that the traditional 4G, 3G and other mobile communication networks may also be under the same threat.
Since it is an old problem, why are these loopholes not found in the early stage of R & D?
Yan Huaizhi said that in the specific practice of communication engineering, information system security loopholes, this problem is almost inevitable. This is especially true for complex systems such as 5g communication networks. The process of vulnerability discovery will run through the whole life cycle of information system. Although in the early stage of research and development, security needs analysis, security design, security coding, security testing and other means can be used to minimize or avoid the occurrence of vulnerabilities, but it is basically impossible to be foolproof.
Multiple measures to reduce adverse effects
So, can these vulnerabilities be fixed?
Most of the vulnerabilities can be fixed, but a small number may persist. Li Weiguang, a security expert at 360 security research institute, told SciTech daily that, for example, the vulnerability of forged alarm information can be fixed by simply attaching signature information to the alarm message.
Although some loopholes will exist all the time, their own harm is relatively small, and they will not cause great harm to 5g network services, and will not affect the normal use of users, so we need not worry too much. Li Weiguang said.
Yan Huaizhi also pointed out that, on the whole, the establishment of 5g network security standards still needs a process. In time, 5g network application at personal level will realize controllable risk, and the current vulnerability has little impact on individual users. In the future, the industry needs to pay more attention to the security of 5g network large connection services, especially 5g applications in industrial control, Internet of things and other fields. At the same time, 5g network slicing technology makes the boundary of mobile network no longer clear, coupled with the existence of 5g pseudo base station, 5g users location information, data content, etc. will face greater security risks than 4G era. Yan Huaizhi said.
As for how to reduce the adverse effects caused by 5g vulnerability, Yan Huaizhi believes that it needs to take multiple measures at the same time. First of all, we need to promote the implementation of 5g network security standards, and at the same time, we need to complete the prevention and repair of loopholes at the technical level, so as to improve the security of 5g network from the source. Secondly, we should crack down on illegal devices such as fake base stations and take down the base camp of attackers. Thirdly, on 5g mobile phones, 5g smart watches and other user terminal devices, relevant R & D personnel should deploy vulnerability identification software and actively implement relevant security protection measures. Finally, relevant departments should strengthen the network security awareness of end users and popularize basic protection knowledge. Yan Huaizhi said. (reporter Xie Kaifei)
Source: responsible editor of science and Technology Daily: Liao ziyao, nbjs10040