5G SIM-swap attacks could be even worse for industrial IoT than now

Claims that 5G offers “better security” for IoT may not ring true – with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments, according to infosec biz Trend Micro. Industry 4.0 is the marketing phrase for “please buy our new networking thing and pay us to collect tons of …

  1. Pascal Monett Silver badge

    I seem to recall

    that security, in 5G, is software-defined.

    Meaning written by humans. Humans don't have a great track record in writing secure software, otherwise there wouldn't be so many AV companies, data recovery companies and security consulting services, all of which fall prey at some point to the very threats they promise to protect you against.

    5G may work, but when it goes wrong it will go very wrong, and there will be much gnashing of teeth and pulling of hair.

    1. Anonymous Coward

      Re: I seem to recall

      best to wait for SP1 then

      1. Tim99 Silver badge
        Meh

        Re: I seem to recall

        Nah, SP3 at the very least - SP1 will be a panicked emergency patch to fix something really bad. After the patch has been out for a while, SP2 will fix something bad that was caused by SP1. SP3 will fix that one. SP4 will offer additional functionality, which will probably have some regressive code from the original version, including that which caused the first breach.

    2. boltar Silver badge

      Re: I seem to recall

      "that security, in 5G, is software-defined.

      Meaning written by humans"

      So who designs hardware security then, Peppa Pig? Anything built by humans can usually eventually be hacked by humans in some form or other.

      1. JohnFen Silver badge

        Re: I seem to recall

        "Anything built by humans can usually eventually be hacked by humans in some form or other."

        You don't even need humans in the loop, really. Anything that can be accessed legitimately can be accessed illegitimately, without exception. The only question is how hard it is to do.

  2. Mystereed

    Denial of service?

    As well as maybe being able to pretend to be the original device, this would also be a denial of service - that original SIM will stop working and the real IoT traffic which should be transferred will now either be lost or stuck?

    Not an expert on this type of thing, but can that SIM be brought back online with the original details or will someone have to physically put another one in? The second will be a major PITA, but the first could result in a tug-of-war, unless extra security is put in place? Plus what's the betting that the attacker would be the one to ask for extra security and the original owner then won't be able to get it back?

    1. John Brown (no body) Silver badge

      Re: Denial of service?

      "Not an expert on this type of thing, but can that SIM be brought back online with the original details or will someone have to physically put another one in?"

      Me no expert either, but isn't there a move to software only "sims" and 5G + IoT is the opportunity to do it fully?

  3. Anonymous Coward

    Bah

    If I understand correctly, SIM swap attacks work by convincing a carrier to provide a replacement SIM, or provide service on an already existing SIM, so this is an "account security" issue rather than a 5G issue...

    1. Venerable and Fragrant Wind of Change

      Re: Bah

      Surely that's beside the point? It's not about how you attack a system, but how far and wide you can go once you've accessed it. You've stolen a valuable key, but how much more might it unlock than just a phone number used for 2FA?

    2. JetSetJim Silver badge

      Re: Bah

      This seems to be along the lines of: "black hat convinces telco to port an account from an IoT SIM to their own SIM". This means the IMSI will change, but the MSISDN (phone number) remains the same.

      All the IoT user needs to do is have in their servers an IMSI authentication routine that is completely decoupled from the Telco authentication scheme - i.e. maintain your own list of IMSIs and check against that (assuming the black hat can't spoof it anyway, in which case you're screwed no matter what you do).

  4. Will Godfrey Silver badge
    Unhappy

    That's a lovely pyramid you've got there

    But why did you balance it on its (weakest) point?

    1. Anonymous Coward
      Joke

      Re: That's a lovely pyramid you've got there

      Where's the originality in putting the point at the top? It's been done long ago.

  5. Doctor Syntax Silver badge

    It's so convenient to hand over difficult stuff to somebody else. And they have so much incentive to do such a better job than you have when it comes to security.

  6. waserman

    Disable SIM swapping by default

    > SIM jacking, or SIM swapping as it’s better known, is the criminal art of convincing telcos to port a victim’s number to a new SIM card controlled by the criminal

    As I understand it, for convenience, SIM swapping was introduced to allow customers to retain their phone number when transferring to another telecom company. Wouldn't the simplest solution be to have the option to disable the Porting Authorisation Code (PAC) being provided for that account? To transfer an account, you would have to go back to the old-fashioned method. Cancel account, make new account, get new (non-transferable) number.

    1. JetSetJim Silver badge

      Re: Disable SIM swapping by default

      > Wouldn't the simplest solution be to have the option to disable the Porting Authorisation Code (PAC) being provided for that account?

      Quite, but that would probably require a change to *all* telco infrastructure s/w that's involved in number porting - which isn't simple/cheap, even if on the face of it all that is required is a bit-flag against an IMSI in a database plus a test that looks at this flag on PAC requests.
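      Two of the defensive ideas in this thread can be sketched in code: JetSetJim's earlier suggestion that the IoT operator keep its own MSISDN-to-IMSI binding and check every device session against it (so a number that reappears on a different IMSI is flagged), and the "bit-flag against an IMSI" that a PAC request would be tested against. The example below is added here for illustration and is not code from the article, from Trend Micro or from any telco system; the registry class, the attach-log format, the verdict strings and all IMSI/MSISDN values are constructed for the example, and the PAC check is a hypothetical model of how such a flag would be consulted, not a description of real porting infrastructure.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass
class SimRecord:
    """One IoT SIM as the operator knows it (constructed example record)."""
    msisdn: str               # the phone number, which survives a port
    imsi: str                 # the SIM identity, which changes when a port happens
    port_locked: bool = True  # hypothetical per-SIM flag: refuse PAC issuance while set


class SimRegistry:
    """The IoT operator's own MSISDN -> IMSI binding, kept independently of the
    telco's authentication, so a port that changes the IMSI is visible to the
    operator even though the telco still sees a 'valid' subscriber."""

    def __init__(self, records: Iterable[SimRecord]) -> None:
        self._by_msisdn: Dict[str, SimRecord] = {r.msisdn: r for r in records}

    def verify(self, msisdn: str, presented_imsi: str) -> str:
        """Classify a device session: 'ok', 'imsi_mismatch' (the number is now on
        a different SIM, the SIM-swap signature) or 'unknown_msisdn'."""
        rec = self._by_msisdn.get(msisdn)
        if rec is None:
            return "unknown_msisdn"
        if rec.imsi != presented_imsi:
            return "imsi_mismatch"
        return "ok"

    def pac_request(self, msisdn: str) -> str:
        """Hypothetical telco-side test on a Porting Authorisation Code request:
        refuse while the per-SIM port lock is set."""
        rec = self._by_msisdn.get(msisdn)
        if rec is None:
            return "rejected: unknown number"
        if rec.port_locked:
            return "rejected: port lock set"
        return "issued"

    def set_port_lock(self, msisdn: str, locked: bool) -> None:
        """Flip the lock; in practice this is the step that needs strong,
        out-of-band verification of the account owner."""
        self._by_msisdn[msisdn].port_locked = locked


# Constructed attach-log format: "<ts> msisdn=<num> imsi=<imsi> event=attach"
LOG_RE = re.compile(r"msisdn=(?P<msisdn>\+?\d+)\s+imsi=(?P<imsi>\d+)")


def detect_sim_swaps(registry: SimRegistry,
                     log_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Run every attach record past the registry and return
    (msisdn, imsi, verdict) for each record that is not 'ok'."""
    alerts: List[Tuple[str, str, str]] = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an attach record
        verdict = registry.verify(m["msisdn"], m["imsi"])
        if verdict != "ok":
            alerts.append((m["msisdn"], m["imsi"], verdict))
    return alerts


# Constructed sample data: two known SIMs and a short attach log in which one
# known number later shows up on an IMSI the operator has never issued.
SAMPLE_SIMS = [
    SimRecord("+441230000001", "234150000000001"),
    SimRecord("+441230000002", "234150000000002"),
]
SAMPLE_LOG = [
    "2019-10-10T09:00:01Z msisdn=+441230000001 imsi=234150000000001 event=attach",
    "2019-10-10T09:00:05Z msisdn=+441230000002 imsi=234150000000002 event=attach",
    "2019-10-10T11:42:17Z msisdn=+441230000002 imsi=234159999999999 event=attach",
    "2019-10-10T11:50:00Z msisdn=+441230000009 imsi=234150000000009 event=attach",
]

if __name__ == "__main__":
    reg = SimRegistry(SAMPLE_SIMS)
    for alert in detect_sim_swaps(reg, SAMPLE_LOG):
        print("ALERT", alert)
    print(reg.pac_request("+441230000001"))  # rejected while the lock is set
    reg.set_port_lock("+441230000001", False)
    print(reg.pac_request("+441230000001"))  # issued only after an explicit unlock
```

      The registry check is the part the IoT operator controls on its own: it turns a successful port from a silent credential change into a logged mismatch that can trigger an alert and a device quarantine. The port-lock check is the part that, as the comment says, would have to live in the telco's porting software, and the example models only the flag test itself, not the change to every carrier's systems that deploying it would require.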

    2. Shaun Blagdon

      Re: Disable SIM swapping by default

      > To transfer an account, you would have to go back to the old-fashioned method. Cancel account, make new account, get new (non-transferable) number.

      And thus destroying all competition in the telco market, killing off all new MVNOs' business plans, and what about lost or damaged SIMs?


Biting the hand that feeds IT © 1998–2019