What today’s mobile authentication challenges reveal for the 5G Economy
Fifth-generation, or 5G, cellular networks promise to usher in an exciting new era of business models optimized for digital transformation and the mobile-first world. In a research report, the World Economic Forum (WEF) cites research conducted with the Imperial College of London suggesting “on average, a 10 percent increase of mobile broadband adoption causes a 0.6–2.8 percent increase in economic growth, depending on the model specifications.” Comparing 5G’s network capacity and performance to the wireless capabilities of the 3G and 4G eras points to where these higher speed networks will collide with more feature-rich phones and devices to enable a host of new and expanded business models.
Consider all the higher-resolution cameras, more advanced displays and multi-tasking processors in smartphones and tablets now able to send and display richer media on-demand, whether it is concert footage or life-saving medical information. Think of embedded wireless connectivity in things like vehicles, distributed manufacturing equipment or buildings that can more accurately exchange information to help public safety, traffic management or maintenance troubleshooting.
Of course, for most consumers and employees, the personal advances of 5G at our fingertips everywhere will be the most striking. Faster, more reliable connections will further our ability to leave bulkier devices behind and live off of our smartphones throughout the day – purchasing goods and services, banking, staying productive and in turn powering the 5G Economy.
Yet, capitalizing on the 5G Economy’s massive speed and scale will require focused attention to security and trust challenges already posing problems in the massive 4G world. Chief among these is making sure 5G enabled devices, apps and services can securely handle authentication and digital identities.
For example, a recent Motherboard article, by reporter Joseph Cox, details how determined cybercriminals exploited flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world. In this case, attackers used knowledge of the SS7 protocol’s security weaknesses to intercept 2-Factor Authentication (2FA) password reset codes. An attacker targets a victim’s bank account and username, maliciously requests a password reset through the bank’s digital app or site and – when the reset code is pumped through the victim’s trusted text-message/SMS medium, the SS7-savvy thieves are there to intercept the password and quickly hijack account access or transfer funds before anyone is aware.
The notion of draining someone’s bank account by exploiting mobile networks and 2FA channels points to the realities of telecommunications and digital commerce today. First, the telecom business is seldom able to simply “turn the page” and abandon legacy hardware and infrastructure. Older protocols and equipment must remain in place with backward compatibility as new technology is introduced, and protocols – vulnerabilities aside – must stay in service because without them there is no functioning network to begin with.
Secondly, digital transformation is always a trade-off between security and convenience: Banks realize the future of finance is mobile and digital, making them tolerate the wider fraud and attack surface of apps and mobile, mitigated by security mechanisms like 2FA. Yet as exploits of 2FA become more commonplace, it is clear that simply slipping users a secure way to reset a password is no longer enough – digital transformation in the 5G Economy requires a way to continuously authenticate users from the moment they log in to an app or service, so that whether they try to reset a password or move money suspiciously, any anomalies and suspect behavior can be detected and flagged for escalated review.
The 5G Economy is real and inevitable. The only question is how rapidly business, communications, device, developer and other stakeholders apply the security trends of today to help 5G push back today’s threats. BehavioSec has been proudly recognized among the GSMA 100 group of companies making critical security, performance and other innovative contributions to the wireless future. We work with banks, fintech developers and others fortifying digital transformation initiatives with stronger trust and security. Contact us to learn more about how BehavioSec’s behavioral biometrics platform can support your business and give your users greater peace of mind.