The Road to 5G is Paved with Malware

June 14, 2019 | Adeline Zhang

There is no doubt that 5G will revolutionize how we use online services. Mobile high-speed internet access in excess of 5 Gbps will enable revolutionary technologies that take advantage of the new bandwidth. Feature-rich apps for entertainment, productivity, social media, and health & fitness are preparing to offer functionality only possible with high-speed mobile access. Outside the United States, disruptive technologies and services have already started to appear in countries that have 5G, changing how people live, work, and interact: smart cars driving in smart cities built on smart technologies.

But as with all good things, there is a dark side. Along with the ubiquity of mobile devices comes the ubiquity of the malware that infects them. The Google Play Store has historically been inundated with malware-infested apps. Trend Micro believes over 9 million Android devices worldwide have been infected by games and other apps in the past year. Worse yet are mobile devices that ship with malware pre-installed. And the malware comes in all shapes and sizes, be it adware/ad-fraud, banking trojans, mobile cryptocurrency miners, spyware, or a combination of the above and other insidious functions.

Then there are Apple devices. iPhones and iPads are not immune to malware-laden apps, just better vetted. Apple does a very impressive job of testing apps for security issues. Yet, this week, a critical vulnerability found in the iOS Chrome browser allowed 500 million iPhone and iPad users to be served millions of malvertising ads and fall victim to session hijacking. And there are developers with state ties building apps that Apple concludes are legitimate but that are really iOS spyware, such as Exodus.

IoT devices have long been considered a significant security threat due to poor security controls and numerous unpatched medium- and high-severity vulnerabilities. Most botnets are composed of numerous IoT devices that have been hijacked by malware, either directly or through infiltration from other infected devices. Infected IoT devices are a primary source of DDoS attacks, and recent reports show that the size and strength of coordinated botnet DDoS attacks are on the rise.

Contributing to the increased DDoS botnet capabilities is the ever-increasing bandwidth of internet connections. Botnets today have access to several times the bandwidth they had just five years ago. More bandwidth means more DDoS traffic can be sent from each individual bot. 2018 saw the three largest DDoS attacks ever recorded, starting with the 1.34 Tbps attack against GitHub, the largest DDoS attack recorded at the time. It was followed by a 1.7 Tbps attack in the US only five days later.

Now consider that mobile devices are IoT devices, and mobile devices are prone to malware infection. Today's Swiss Army knife malware has the capability to do the most insidious things, including launching DDoS attacks; tomorrow's malware will be more efficient and more deadly.

This is where 5G comes in. Remember that 5 Gbps bandwidth that will be readily available? Pair that with 9 million infected mobile devices. If each of those devices sent continuous requests only 1K in size for 30 seconds to a target, that adds up to 9 Tbps of DDoS traffic in a very short time, almost six times larger than the biggest DDoS attack to date. An attack that size would be devastating, yet it is small considering the potential.

If 5G has the potential to be the next vehicle for cyberattacks, what can mobile carriers do to combat this? Carriers need to admit both that they have a problem and that they are a problem.

Mobile carriers have a problem blocking the activity of infected devices. Carriers usually consider themselves mere conduits of traffic, with little concern for the types of traffic they pass. DDoS is their biggest cyberthreat issue, as it clogs their pipes, slowing or blocking traffic. But this new DDoS threat is beyond what they are currently capable of stopping. A reimagining of their DDoS strategy is needed to block attacks closer to the source, before the attacks can aggregate. Carriers need to be more proactive in combating mobile-based cyberattacks and cyber threats. This means deploying security products such as NGIPS, WAF, and other infrastructure security devices to identify and block non-DDoS attacks on their pipes as well.

Carriers are a problem because they sell and support the mobile devices themselves. If they are going to provide devices that offer feature-rich yet malware-prone apps, carriers need to do a better job of policing those apps instead of relying solely on Apple and Google. There is no excuse, and a lot of liability, for selling phones preloaded with malware.

5G holds the promise of a bright future and a boon to civilization. But the keepers of 5G must recognize that they have an obligation to keep it safe and secure. With great bandwidth comes great responsibility.