By: Alan Zeichick

Security standards for cellular communications are pretty much invisible. The security standards, created by groups like the 3GPP, play out behind the scenes, embedded into broader cellular protocols like 3G, 4G, LTE and the oft-discussed forthcoming 5G. Due to the nature of the security and other cellular specs, they evolve very slowly and deliberately; it’s a snail-like pace compared to, say, WiFi or Bluetooth.

Why the glacial pace? One reason is that cellular standards of all sorts must be carefully designed and tested in order to work in a transparent global marketplace. There are also a huge number of participants in the value chain, from handset makers to handset firmware makers to radio manufacturers to tower equipment to carriers… the list goes on and on.

Another reason why cellular software, including security protocols and algorithms goes slowly is that it’s all bound up in large platform versions. It’s clear that 3G is quite different from 4G, and that 5G is something else entirely. The current cellular security system is unlikely to change significantly before the roll-out of 5G… and even then, older devices will continue to use the security protocols embedded in their platform, unless a bug forces a software patch. Those security protocols cover everything from authentication of the cellular device to the tower, to the authentication of the tower to the device, to encryption of voice and data traffic. When 5G rolls out (the best estimates are 2020, but who knows?), we’ll see new standards.

We can only hope that end users will move swiftly to 5G, because 4G and older platforms aren’t incredibly secure. Sure, they are good enough today, but that’s only “good enough.” The downside is that everything is pretty fuzzy when it comes to what 5G will actually offer… or even how many 5G standards there will be.

What’s Wrong with LTE?

Has your phone ever wanted to update its “carrier settings?" That may be a reaction to a flaw in cellular security, either in the design of a standard, or in the implementation of the standard through firmware. One example of a recent flaw was published in October 2015. Called “Voice over LTE implementations contain multiple vulnerabilities,” the report from CERT said,

"Current LTE networks rely on packet switching, rather than the circuit switching of previous generations of the mobile network. The use of packet switching and the IP protocol (particularly the SIP protocol) may allow for new types of attacks not possible on previous generation networks. Such types of attacks are well-known in the security community; for example, see previous attacks against Voice over IP (VoIP)."

The report went on to talk about problems with incorrect permission assignments for critical resources, improper access control, improper authentication, and session fixation (which might lead to denial-of-service attacks on the network).

The CERT report is only one demonstration of less-than-Fort-Knox security model in today’s cellular network. Daksha Bhasker of Bell Canada served up a very detailed paper, “4G LTE Security for Mobile Network Operators,” in which she writes,