For months, the mainstream media has been reporting about the supposed security threat posted by Huawei’s involvement in 5G networks. However, these news reports often gloss over the technical side of things. They talk about ‘backdoors’ and ‘security risks’, but at no point do they actually explain how Huawei would ‘steal’ information, or how, technologically speaking, it could be stopped. This blog post aims to change that by zeroing in on the technology specifics of this whole Huawei 5G saga.
Are ‘backdoors’ in 5G networks possible?
In April, 2019, Bloomberg published a story alleging that Vodafone had found evidence of backdoors its fixed line network way back in 2009. However, in an article by TechRepublic, they point out that this allegation is based upon the Telnet interface, which is common in many other products, essentially meaning that there is a long list of other hardware suppliers supposedly guilty of creating backdoors. So, with regards to this particular case, it seems that, yes, backdoors are possible, however intent is hard to prove.
Switching the focus to 5G networks, it seems these older security flaws might remain. Bruce Schneier, a lecturer at Harvard Kennedy School, writes:
“…there’s so much backward compatibility built into the 5G network that older vulnerabilities remain.”
Bruce Schneier, writing in ForeignPolicy.com
According to him, the new 5G networks will likely be an extension of the 4G networks, leading to a continuation of old technology (and, therefore, security flaws) into the new networks.
What is more, he claims that the inherent complexity of 5G networks makes them much harder to secure. The blurring of data between the wireless side of the network with the ‘core portion’ leads, in Schneier’s words, to ‘increased points of vulnerable’ attack.
Verdict: Yes, backdoors in 5G networks are possible.
Will the UK government’s steps to limit Huawei’s involvement make a difference?
On the 28th of January, 2020, the UK government announced a list of restrictions to Huawei’s involvement in the 5G network which will, according to the UK government, mitigate any risk. Among others, these restrictions included:
- Excluding ‘high risk vendors’ (such as Huawei) from ‘core parts’ of the 5G networks;
- Restricting network involvement of high risk vendors to 35% of the network.
So, will this mitigate the risk? Well, first of all, it remains unclear what exactly constitutes ‘core’ parts of the UK 5G infrastructure. Moreover, there are some who even say within a 5G network it is not even possible to carve out isolated safety zones.
With regards to the 35% cap, this may decrease the chances of Huawei ‘intercepting’ certain information, by virtue of reducing the volume of data passing though Huawei equipment. However, from a risk management perspective, it would seem the specific data itself, not the quantity of it, that matters here.
Verdict: It reduces the risk, but certainly does not remove it.
Technologically speaking, what are the best solutions here?
So, if Huawei is an issue, why not simply accept a bid from another vendor? It seems that there are not a lot of other options. The solutions offered by Nokia and Erikson are reportedly not one-to-one alternatives. One idea, which could perhaps be the model of future networks, is the notion of making all related-software open-source. By doing so, this would allow for governments and third parties to independently check if any supposed backdoors exist and if any traffic is passing though them. The O-RAN Alliance, supported by Orange among a number of other major mobile operators, seems to be calling for progress in this direction.
One of the major issues with Huawei’s technology is the opaqueness, which makes it difficult to see not only if backdoors exist, but if they are being accessed.
Another solution would be to improve security software protecting and monitoring 5G networks. That, however, becomes increasingly difficult when considering the complex 5G typology mentioned previously.
Verdict: At present, there are no great solutions, however there seems potential for improving 5G cyber-security via simultaneously removing opaqueness and increasing third party monitoring of networks.
Conclusion
We have tried to focus on the technological side of the debate here, BUT, as with the political side, instead of finding black and white answers, there are just shades of grey. Are backdoors in Huawei’s 5G networks possible? Yes, but it is hard to prove if they are deliberate or even being used. Will the UK government’s restrictions on Huawei’s involvement in their 5G network mitigate the risks? Partly, but not entirely. Are there any better solutions? Potentially, but not yet.
However, one thing is clear. 5G will not only offer a range of cyber-security problems, but will, concurrently, create a huge demand for cyber-security professionals.
20% Discounts on Online Cyber-Security Courses
Want to improve your resumé and skills? Get more qualified by completing more cyber security certifications. Infosec-Careers.com has discount codes for the following information security certifications:
- 20% Discount off EC-Council’s Certified Ethical Hacker Course with this CEH Coupon Code
- 20% Discount off EC-Council’s Computer Hacking Forensic Investigator with this CHFI Coupon Code
- 20% Discount off EC-Council’s Certified Network Defender Course with this CND Coupon Code
- 20% Discount off EC-Council’s Certified Chief Information Security Officer Course with this CCISO Coupon Code Or view a full list of Information Security Online Courses and Discount Codes HERE.