5G tech could see SIM card-dependent IoT devices compromised on an unprecedented scale
5G technology has been touted as the next generation of mobile internet connectivity, offering consumers incredible speeds of several gigabytes per second. However, mobile and wireless internet users are not the only ones expected to greatly benefit from 5G.
IoT (Internet of Things) devices are also expected to receive an incredible boost, given that 5G’s speed and technological capabilities could likely provide IoT devices with the ability to transfer massive amounts of data.
However, with this advancement also comes the prospect of new threats. According to a new Trend Micro report,around 30 billion IoT devices are expected to be online by the time 5G launches in 2020. However, it is uncertain whether 5G will be able to incorporate the security features required to thwart a new generation of cyberthreats.
For instance, many IoT devices - from smartwatches to smart factory equipments - depend on a SIM card to function. SIM cards’ functionality and content can be remotely changed via commands sent OTA (over the air) in the form of SMSs, which can be abused by hackers. Given the sheer scale of 5G, the potential for abuse increases exponentially when these commands are sent over a 5G network.
OTA messages that manage a SIM card are called SIM-OTA SMS messages. This kind of communication is conducted purely over the radio and thus, requires no IT connections. These messages can completely alter or remove the functionality of mobile phones and SIM card-dependent IoT devices.
“A SIM-OTA SMS message can even cause a SIM card to be bricked or to become permanently nonfunctional; if the functions of an IoT device depend on SIM radio connectivity, like those of cellphones do, the IoT device will become bricked as well,” Trend Micro researchers wrote in a blog.
Attackers can use fake or hacked cell towers to send SIM-OTA SMS messages. These malicious messages can also be sent via SMS gateways and telecom satellites that have been hacked or hacked carriers that could be leveraged by organized crime syndicates. Attackers can also send malware via these messages on SIM-dependent on IoT devices.
Moreover, attackers can also create IoT fraud botnets using SIM-OTA SMS messages or remote code execution to launch DDoS attacks on carriers or carry out attacks that can result in massive and permanent loss of critical IoT infrastructure.
“Since the geographic scope of telecom radio and the scalability of 5G are both broad, one can imagine that an attack using this vector can be carried out on a massive scale and be very successful,” Trend Micro researchers noted.
However, Trend Micro researchers believe that a 5G platform called a telecom security orchestrator could help address these issues. For instance, it can detect and thwart attacks launched using fake cell towers and hacked telecom satellites.