草榴社区

close search bar

Sorry, not available in this language yet

close language selection

How 5G and IoT devices open up the attack surface on enterprises

草榴社区 Editorial Staff

Apr 07, 2020 / 3 min read

Table of Contents

The fifth generation (5G) of cellular phone technology is upon us. You can hardly turn on your TV or stream a YouTube video without seeing an advertisement for 5G. Beyond the speed and latency advantages that 5G will offer for consumer mobile devices, the Internet of Things (IoT) will benefit from 5G’s capability to support many more simultaneous connections. With a much wider pipe—with up to 20 times the capacity of 4G (minimum peak data rate of 20 Gbps versus 1 Gbps)— can support many more simultaneous connections. And the  allows for network latencies as low as 1 millisecond, up to 10 times greater than 4G. Ubiquitous IoT devices, such as sensors in vehicles, traffic lights, and roadbeds, will benefit from performance increases in 5G and make possible sci-fi use cases, including autonomous automotive applications.

But along with all the great benefits of speed, throughput, low latency, and futuristic functionality comes a downside: an expanded attack surface. With the  and applications estimated to exceed 67 billion by 2025—perhaps up to 75 billion—the field is rife with targets. And because many  ship with default passwords that are rarely changed and ports that always seem to be open, for hackers, it’s like shooting fish in a barrel. The process of , like any software development process, is also vulnerable to design flaws and coding mistakes.

However, not every 5G vulnerability can be laid at the doorstep of IoT devices. With new 5G wireless technology replacing older 4G LTE technology, uncertainties and risks can abound within the 5G protocols themselves. And because 5G standards are relatively young, with their definitions still evolving, 5G and IoT devices will .

Would 5G and IoT cyber security compliance standards help?

iot device security attack surface

Cyber security compliance standards for 5G and IoT devices can have overlapping jurisdictions in terms of applications and sectors. For example, the  applies to 5G networks and IoT devices involved in financial transactions conducted with credit or debit cards, and the  cyber security standards apply to transactions involving the federal government. However, the evolving status of 5G standards and fast-changing nature of IoT devices make these kinds of compliance rules and regulations “very cumbersome and overweight,” according to , and not designed for environments that change regularly.

Nevertheless, the need to  will continue to change the requirements and scope of 5G security. Consequently, development organizations need a proven, scalable, standards-based technology solution going forward, according to .

The National Institute of Standards and Technology () recently posted a set of draft recommendations regarding IoT cyber security. Though not enforceable, it calls for IoT manufacturers to design cyber security capabilities into their systems, including baselines for data protection, logical access to interfaces, software and firmware updates, and cyber security state awareness.

Even in existing technologies, researchers continue to discover unknown problems. For example, researchers at the Korea Institute of Science and Technology  last year. So the  is that as a new technology, it’s bound to have security vulnerabilities.

Fuzz testing solutions for 5G and IoT security

iot device security attack surface 3

Today’s cyber security compliance standards, when they exist at all, are simply not broad, flexible, or anticipatory enough for 5G and IoT. So development organizations need to think for themselves. They have to be able to find unknown zero-day vulnerabilities in their 5G networks and connected IoT devices.

Fuzz testing solutions can help development organizations find these security vulnerabilities. With fuzz testing, or fuzzing, organizations can subject their IoT devices to intentionally malformed data. The fuzzer will attempt to input this tainted data into the IoT interface to get the device to malfunction, fail, or execute an undesirable operation. Fuzz testing is one of the best ways to test security protocols, and organizations developing 5G and IoT devices will find it an invaluable tool as 5G standards evolve and 5G networks start to roll out around the world.

Learn More

Defensics fuzz testing

Identify defects and zero-day vulnerabilities in services and protocols?

Learn more about fuzz testing

Continue Reading

SSDF BSIMM mapping updated for BSIMM14
Blog
8 min read / Jun 18, 2024

SSDF BSIMM mapping updated for BSIMM14

Mike Lyman
By Mike Lyman
Tags: Program Strategy & Planning, Compliance, Manage Security Risks
Read Article
Top 10 free pen tester tools
Blog
5 min read / Apr 11, 2024

Top 10 free pen tester tools

Natalie Lightner
By Natalie Lightner
Tags: Software Integrity, Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks
Read Article
Managing risk at scale
Blog
2 min read / Apr 08, 2024

Managing risk at scale

Charlotte Freeman
By Charlotte Freeman
Tags: Software Integrity, Manage Security Risks
Read Article
SANS report: Securing the shifting landscape of application development
Blog
2 min read / Apr 03, 2024

SANS report: Securing the shifting landscape of application development

Charlotte Freeman
By Charlotte Freeman
Tags: Software Integrity, Manage Security Risks
Read Article
Guide to updating from NIST CSF 1.1 to 2.0
Blog
7 min read / Mar 29, 2024

Guide to updating from NIST CSF 1.1 to 2.0

John Waller
By John Waller
Tags: Software Integrity, Cloud Security, Manage Security Risks
Read Article
4 approaches to vulnerability remediation
Blog
4 min read / Mar 27, 2024

4 approaches to vulnerability remediation

Natalie Lightner
By Natalie Lightner
Tags: SCA, Build Security into DevOps, Training, Manage Security Risks
Read Article

Explore Topics

Agile, CI/CD
AppSec Best Practices
Artificial Intelligence
Automotive
Build Security into DevOps
Cloud Security
Compliance
Container Security
CyRC
DevSecOps
DAST
Financial Services
Fuzzing
Healthcare
IAST
Internet of Things
M&A
Manage Security Risks
Medical Devices
Mobile
Orchestration & Correlation
OSS License Compliance
Pen Testing
Program Strategy & Planning
Public Sector
SAST
SCA
Secure the Software Supply Chain
Security News & Trends
Threat Modeling
Threat & Risk Assessment
Training
Web Application Security