Hackers at work, trying to break into 5G

Science and technology

Despite all the hysteria about its health effects, the battle over market share, the discussion about security and the US campaign against Huawei, 5G is already here. Slowly but surely, operators are colouring their coverage maps. Starting from big cities, the colouring of the maps designating the areas added to the fifth-generation high-speed internet is spreading fast.

The world's connectivity needs are changing. Global mobile data traffic is expected to multiply by 5 before the end of 2024, and over the same time horizon, we expect to have 22 billion IoT devices connected. Previous generations of mobile networks were focused on consumer and personal communications, but now 5G serves consumers and enterprises and takes the internet of things to the next level, where superior connectivity is a prerequisite.

Telia, which has been both selling 5G equipment and expanding its network, just opened its industrial network in Oulu to the public. The company's network is already available in 7 major Finnish cities with speeds of up to 1 gigabit per second.

But how secure is 5G? To answer this question, the National Cybersecurity Centre of Finland at the Finnish Transport and Communications Agency, Traficom, arranged a Hackathon in late November in Oulu, a Finnish city well known for its high tech and world-class telecommunications education and R&D. The world's first open 5G Cybersecurity Hackathon gathered 70 cybersecurity specialists from 15 different countries, who competed in challenges set by Ericsson, Nokia and Oulu University.

"Cybersecurity is a key pillar of our digital society. Ensuring cybersecurity should be a joint effort between equipment manufacturers, technology users and authorities," says Jarkko Saarimäki, Director of the National Cybersecurity Centre Finland at Traficom. "To be able to grasp emerging opportunities, it is wise to be one of the first to generate expertise and create a common front to improve 5G cybersecurity. As a national agency, we want to collaborate actively with international technology businesses and leading security professionals to reach our common goal: i.e. a reliable and secure digital society."

The majority of the hackers had no hands-on experience with 5G networks and appreciated the opportunity to be among the first ones in the world to explore 5G. Themes of the Hackathon included improving the cybersecurity in 5G infrastructure and ensuring the information security in digital services used over 5G. The hacker teams dug deep into the cybersecurity aspects and could provide useful insight and point out topics which add value to the development of cybersecurity fundamentals. 

"For us, the key benefit for joining the 5G Cybersecurity Hackathon was to engage with the security community embracing the opportunity of having some of the world's leading hackers putting their skills to the test on our 5G solution," says Mikko Karikytö, Head of Network Security, Ericsson. "5G is the most secure communication technology we have seen so far – further improving the security and privacy from the already reliable 4G. Having said that, we wanted to expose our 5G technology to hackers and go 'all-in'. No critical issues were discovered, but even all the minor findings made during the weekend are already processed by Ericsson security experts and fed back to R&D."

"To ensure public trust in 5G, it is important that security is built-in from the start and that potential security gaps are identified at an early stage," explains Niklas Lindroos, Head of Security for Mobile Networks and Global Services at Nokia. "This 5G Hackathon event was a great opportunity to do just that and for the industry to learn about network security. We are pleased that no major security defects were found in our product – a testament to our robust product security processes. However, we did gain a unique insight into future attack surfaces and can design the defences of future products accordingly." 

According to many experts, 5G technology will be one of the building blocks of our future digital society all over the world. Transition to the 5G technology will be accompanied by a more significant change than any of the previous generations of mobile communications networks. Ensuring cybersecurity in networks will be crucial for the services provided by the public sector and businesses in the future. 

"This was a significant learning experience for us all. 5G security promises were not broken, but thanks to the professionals spending their time here, we learned a lot about the network security issues," says Professor Juha Röning from the University of Oulu. "Also, it is important to utilise the lessons learned from other networks. The university will benefit from the Hackathon's results greatly, and this encourages us to intensify our research efforts. Our 5G network is available for cooperation as well as for real application tests in the future."


Ericsson Black Box Challenge 

For several years, Ericsson has been breaking new ground testing and trialling 5G. By bringing this challenge to the 5G Hackathon, Ericsson offered security experts, now acting as white hat hackers, a unique opportunity to test state-of-the-art next-generation telecom equipment that enables use cases like smart manufacturing, remote health care, and so much more.

This challenge offered "hackers" a unique opportunity to get their hands on Ericsson's state-of-the-art 5G radio infrastructure to see if they could hack it or find vulnerabilities. The objective was to test the provided infrastructure by getting creative and utilising different techniques, including physical access to the nodes, which are now within attackers' reach much more than ever before. The challenges started with a "Blackbox" approach, testing hackers' skills, and gradually widened towards "Whitebox" testing scenarios. Ericsson had its experts present at the challenge.

Blackbox Testing is a software testing method in which the internal structure, design and implementation of the system are not known to the tester. In Whitebox Testing, all those factors are given to the tester.

Ericsson Challenge Winners: 





Nokia Home Network Challenge 

Nokia's new FastMile gateways are self-contained residential devices that connect wirelessly to your 4G or 5G network while creating a better and faster Wi-Fi experience within the home. Nokia brought in its latest next-generation prototype to be tested before release. Nokia's FastMile, with several interfaces, was available for attack. Nokia provided access to Wi-Fi, cloud, admin and 5G interfaces during the competition.

Nokia Challenge Winners: 




University of Oulu iHealth Challenge 

In the hospital environment, new technologies are applied rapidly to let the doctors and nurses do their work even more safely and effectively. 5G networks are expected to be utilised in critical functions such as hospitals to secure reliable connectivity, low latency and safe use. 

New technologies present new, uncharted threats to network security. Oulu University aimed to find cybersecurity experts to safeguard the digital future of hospitals, to improve the security aspects of the systems if soft spots were found by hacking into 5G devices, base stations, servers or applications in a safe setting. 

In the iHealth Challenge, the task was to hack the future hospital simulation at the university campus. The hospital environment is built with a real end-to-end 5G network integrated with 4G, i.e. operating in a so-called 'non-standalone' architecture offered by the 5G Test Network. A real network with 5G access and real terminals offering hotspot access, allowing data transmission through existing technology with sensors, VR and AR, were offered for hacking. Use case and peripheral devices were simulated in a hospital medical operation setting.

Competitors could choose to hack any of the critical functionalities of Oulu University's future hospital. This could be done, for example, by:

  1. sneaking into the 5G network via untrusted peripheral devices
  2. taking over a 5G terminal
  3. interfering with the 5G radio i/f or grabbing the network from the base station
  4. sneaking into service delivery in the edge computing environment
  5. something we could not even think of

Oulu University Challenge Winners:


 2. TCY

3rd prize was announced as honorary mentions only.

The Hackathon will be followed by the Leading Edge 5G Forum on February 13, 2020 in Helsinki, Finland.

The event will gather the leading cybersecurity experts and decision-makers from around the world in a single forum. In addition, the findings of the Hackathon will be discussed in the forum. 

Participants include major technology vendors, EU cybersecurity authorities, top decision-makers and representatives from some of the biggest operators around the world in addition to leading professionals and evangelists in the field of 5G cybersecurity. 


Image: Traficom