5G: hackers can easily steal your data and spy on your location

5G could make it easier for hackers to access your data. In any case, this is the conclusion of the report from Positive Technologies, a company specializing in cybersecurity. The latter calls into question the very architecture of the network, far too open to attacks according to him.

5G on iPhone

5G has officially arrived in France, and its detractors may well have new reasons to worry. Positive Technologies, a London-based cybersecurity company, released a report noting many weaknesses in the very architecture of the network. Concretely, these weaknesses would allow hackers to easily transfer data and to do crash servers via DoS attacks.

“The key points of network security include an appropriate configuration of the equipment, as well as the authentication and authorization of network elements”, explains the company. “Without these prerequisites, the network becomes subject to DoS attacks by exploiting the vulnerabilities of the PFCP protocol”. In other words, hackers will be able to disclose personal information, like credentials, making use of 5G security weaknesses.

Read also: Subscribing to a 5G plan has no use, according to UFC-Que Choisir

5G does not have a reliable architecture

The main problem with 5G is at the level of the SMF interface (Session Management Function) which works thanks to a protocol called “Packet Forwarding Control Protocol” (PCFP). The latter can be used by hackers to send requests to close or modify a session, which could cut internet access of the victim. In addition, these can modify the behavior of the NRF (Network Repository Function) in order to take control over the user’s session and thus steal his data. Other vulnerabilities have also been spotted on the user authentication side.

Positive Technologie also mentions a strange design in the management of user data, whose interface is easily accessible by a malicious person to retrieve the desired information, in particular geolocation data. Finally, hackers can imitate the creation of an Internet session by using the identifiers of the victim, which the latter must therefore pay to his operator. The company says it’s all possible without the victim realizing anything. “To avoid these attacks”, it therefore advises operators of “Systematically implement security measures such as the correct configuration of the equipment, the use of firewalls on the network and constant monitoring”.

Source: Positive Technologies