NSA warns of threat actors compromising entire 5G networks via cloud systems
Image: Kseniia Ilinykh
Catalin Cimpanu October 28, 2021

NSA warns of threat actors compromising entire 5G networks via cloud systems

NSA warns of threat actors compromising entire 5G networks via cloud systems

The US National Security Agency has published a security advisory today warning about how attackers could compromise entire 5G networks by hijacking a provider’s cloud resources.

The NSA advisory, published together with experts from the US Cybersecurity Infrastructure and Security Agency, is part one of a four-part series the agency plans to publish on 5G security.

The series contains extensive guidance for preventing and dealing with cyberattacks on 5G infrastructure and builds on a previous guide [PDF] the two agencies published in May.

According to the NSA, part one contains “recommendations for mitigating lateral movement attempts by malicious cyber actors who have successfully exploited a vulnerability to gain initial access into a 5G cloud system.”

The NSA is hoping that US telecommunications providers involved in the 5G rollout will follow these practices and avoid their 5G infrastructure being compromised by foreign actors.

Besides the potential of attacks on the cloud infrastructure that holds 5G networks together, the guide also lists possible threats to the US 5G networks, such as:

  • Counterfeit components – more susceptible to cyber-attack and are more likely to break because of their poor quality. They can also be backdoored.
  • Inherited components – compromised or weakly-secured components might end up on US 5G networks via complex supply chains, which will need to be investigated.
  • Open standards – adversarial nations may contribute to open standards to request the inclusion of proprietary or untrusted technologies.
  • Optional controls – standards may come with optional security controls that some network operators may not be willing to use.
  • Software/configurations – which refers to vulnerabilities in 5G equipment that may be exploited by attackers to compromise equipment and their configurations.
  • Network security – attacks on network equipment could allow threat actors to access 5G infrastructure.
  • Network slicing – the ability of network operators to split their 5G networks into zones, depending on the type of connected devices. Threat actors could break through these zones and access critical infrastructure.
  • Legacy communications integrations – vulnerabilities in legacy protocols could be used by threat actors to access 5G infrastructure.
  • Spectrum sharing – may provide opportunities for malicious actors to jam or interfere with non-critical communication paths, adversely affecting more critical communications networks.

The NSA said the rest of its 5G security guidance papers would be published in the coming weeks — on this page.

“This series exemplifies the national security benefits resulting from the joint efforts of Enduring Security Framework (ESF) experts from CISA, NSA, and industry,” said Rob Joyce, NSA Cybersecurity Director.

“Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.”

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.