5G and network splicing open up new vulnerabilities to the Internet of Things
UK mobile operators need to ramp up security to weather eventual attacks from vulnerabilities opened by mass amounts of Internet of Things (IoT) devices.
This is according to AdaptiveMobile chief strategy officer Simeon Coney (pictured), speaking to Mobile News in Barcelona at Mobile World Congress.
Adaptive Mobile are market leaders in mobile network security protecting 1.5 billion people, blocking 200,000 to two million attacks a day.
According to the mobile security specialist there will be 30 billion connected devices by 2020, research from Gartner forecasts IoT to be worth $5 billion by then. IoT opens up more risks and can leave consumers vulnerable due to cheap components in the manufacturing process.
Even more worrying, the latest MobileTrends H1/2017 Report from Allot Communications reveals that 89 per cent of customers don’t have paid tools for securing their mobile device.
However, more than two thirds (68 per cent) of mobile internet consumers are still aware of security malware, with one in seven of these consumers having experienced an attack in the past 12 months.
“The explosion in IoT opens up more risk,” said Coney. “Inherently IoT devices are manufactured at the lowest price point possible and go to market with an excellent price, so inevitably there will be security risks due to cheaper construction.”
Coney also argued that network slicing, where a network cuts a bit of its network and gives it to an IoT manufacturer to run compatible devices, also opens up new avenues for hackers.
This is a practice hackers are moving to due to the download speeds of 5G, which will diversify and increase IoT devices, but create more security flaws.
“5G is even worse for security as hackers are looking to open up networks through network slicing,” said Coney.
“For example, automotive firms are starting to put connectivity in cars and now mobile operators are no longer in control of the device, they would get their own separate slice of the operator’s network that isn’t viewable by the network, almost as if it was its own private network. The question is then posed who is securing this device?”
New kinds of hacking
He added that operators are being forced to defend against new types of attacks in the past six months. Hackers are now attacking through over-the-top messaging apps such as WhatsApp and Kick, sending spam messages to trick consumers into sharing personal details. When in past they would go through SMS messaging.
However, hackers continue to use SMS messaging in a tactic called ‘social engineering’, where they would pose as major firms with official-looking websites to gain log-in details.
“Apple users would receive messages from hackers under the guise of Apple asking whether the users have used the device in for example London. Natural curiosity kicks in and users would click on a link from the text, providing their username and log in. The attack is so sophisticated that users would be welcomed by a map of London with a pinged location. Users would then think their devices is safe and ignore the initial message.”
“We are lagging behind by four years compared to the American market and frankly in a number of cases, show a lack of an appetite in catching up. America has done well in increasing consumer confidence and consumer trust. It’s down to the regulatory environment for the networks.”