SAN FRANCISCO – Network slicing has been hailed as a lucrative 5G use case, but it can also open up a private 5G network and an organization to cybersecurity attacks if not properly instantiated and maintained, according to a Deloitte presentation at the RSA Conference.

The presentation, ominously entitled “Thinking Like a 5G Attacker,” highlighted that a 5G network’s ability to support network slicing creates avenues for attackers to exploit devices and services running in those slices. It walked through one track of research the consulting firm conducted with Virginia Tech University.

Abdul Rahman, associate VP at Deloitte, said the work involved attempting to breach a device running in one network slice to see if they could then work laterally into breaching a device running in an adjacent network slice.

Rahman explained that the thought process was that an attacker could look for vulnerabilities in low-level devices running in one slice, providing examples of home automation tools or gaming devices that users are typically slow to update. That attacker would then navigate up that network slice and look for other potential vulnerable devices running in nearby network slices to conduct a horizontal attack.

Research found that the initial step was the easiest as device owners regularly do not update the default password on those types of devices.

“Five minutes on Google and you can get default passwords on a lot of these vendor devices and can then basically run scripts through the infrastructure in grey spaces to be able to find and exploit what parts of this attack surface are actually misconfigured,” Rahman said.

Once breached, an attacker can run different attack probes to gain a virtual picture, or attack graph, of that network architecture. This will then allow them to hunt for other potential misconfigurations or weak points further up the stack or slice.

Raham noted that this process could be automated in a DevSecOps pipeline to run on a regular interval that will provide an attacker with a detailed map of that architecture, including information on when security protocols further up the stack are altered.

“If you were able to use this attack graph to do change detection, you can now leverage AI and ML,” he said, adding that this is one area they are continuing to do research on.

This research is becoming increasingly important for 5G networks that are being looked toward providing the basis for new services like private 5G services, telehealth, or controlling autonomous vehicles.

“It's not about one network function anymore,” Shehadi Dayekh, specialist leader at Deloitte, added. “In 4G or 3G networks, if something goes wrong, your phone call will drop or maybe your FaceTime will glitch. But on a 5G network we’re thinking 5G use case security.”

Rodrigo Brito, head of cybersecurity for Nokia’s Cloud and Network Services, in a separate interview agreed that lateral movement across network slices is a “concern.” He said that battling such moves requires network providers to put zero-trust security isolation measures in place from the beginning to mitigate an attack.

While this research is still ongoing, Rahman laid out a handful of tips for IT and DevSecOps managers to help them fight back.

The first he mentioned was to have deep visibility into a network to understand an organization’s attack surface “that is the set of hosts that have exploits and vulnerabilities.” He explained that most exploits or vulnerabilities are listed in the National Vulnerabilities Database (NVD), but not all of them.

“There could be zero days that are variants that may not have a listing in NVD or some other known threat that other people may be aware of,” Raham said.

Raham also said that it’s important to know the location of an organization’s “crown jewels” within network slices. These are labeled as the essential target a hacker would be looking to go after.

He said that it’s important to know which hosts are within a hop or two of where those crown jewels are located.

“If there's a host that has an exploit that's connected to a crown jewel that might be an easier target, especially if they're no defenses,” Raham said. “There may be a lot of rules associated with protecting crown jewels and you may have a lot of challenges going after this, but hosts that are connected to it might make for a softer attack surface and easier angle of approach.”