A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the Internet in places where Wi-Fi isn’t practical or available. Individuals may even elect to trade their fiber-optic Internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage Internet-of-things data are riddled with security vulnerabilities, according to research presented this week at the Black Hat security conference in Las Vegas. And those vulnerabilities could dog the industry long-term.
After years of examining potential security and privacy issues in
mobile-data radio frequency standards, Technical University of Berlin
researcher Altaf Shaik says he was curious to investigate the
application programming interfaces (APIs) that carriers are offering to
make IoT data accessible to developers. These are the conduits that
applications can use to pull, say, real-time bus-tracking data or
information about stock in a warehouse. Such APIs are ubiquitous in web
services, but Shaik points out that they haven’t been widely used in
core telecommunications offerings. Looking at the 5G IoT APIs of 10
mobile carriers around the world, Shaik and his colleague Shinjo Park
found common but serious API vulnerabilities in all of them, and some
could be exploited to gain authorized access to data or even direct
access to IoT devices on the network....<<<Read More>>>
