That doesn’t mean that we know nothing. One of the major participants in the 5G security work is Ericsson, which put out a paper on the subject in June, 2015. Ericsson says that that 5G’s security will evolve from 4G to focus on four main areas:

1. New trust models: 5G services are expected to serve safety-critical systems, such as in public safety. Devices will explode beyond phones to the Internet of Things (IoT), including shipping containers, industrial controls, and connected vehicles. The report brings up an unpleasant thought: “Devices have so far been assumed to comply with standards and not to deliberately attempt to attack networks. But how well protected are very low-cost devices? Can a single connected device be used as a stepping stone for cyber-attacks deep into the system? And what is the attack surface of a 5G system with billions of inexpensive, connected devices?”
2. Security for new service delivery models: In the 4G and older cellular era, everyone assumed that a cellular end node (like a handset or tower) was a dedicated, proprietary piece of hardware. In 5G, much more will be virtualized through NFV (Network Functions Virtualization) and SDN (Software Defined Networks). New security protocols are needed to isolate virtualized services from each other.
3. Evolved thread landscape: 5G devices will be part of critical infrastructure which will attract new attackers who will go beyond simply disrupting services (like destroying a cell tower). Instead, attackers may attempt to co-opt those 5G devices and networks. This will require stronger protocols for device authentication, user authentication (often clear-text usernames and passwords), and strong cryptography.
4. Increased privacy concerns: Users are concerned about mass surveillance, and there have been reports of rogue base stations conducting man-in-the-middle attacks. The Ericsson report also mentions the user identifiers for cellular devices, which haven’t been updated in a very long time. While there are proposals for replacing new protocols, the study says, “the benefits of full International Mobile Subscriber Identity (IMSI) protection have so far not seemed to outweigh the complexity of implementing it.”

More Unknowns than Knowns

While 4G LTE has good enough security for today’s smartphones, it’s not enough for the future especially when you factor in IoT. We will have new devices and new ways of using those devices. Oh, and scalability will be a challenge as well. To quote from “Security and impact of the IoT on LTE mobile networks,” a pre-publication book chapter by Roger Piqueras Jover of the AT&T Security Research Center:

“As mobile networks evolve and transition towards 5G, the capacity and throughput of the wireless interface is scaled up to tackle the goals of massive device connectivity and 1000 times more capacity. To do so, researchers are already prototyping advanced systems at high millimeter wave frequencies and implementing massive MIMO [multiple input multiple output] systems. However, a common topic of discussion at a major 5G industry forum was how it is not all about speed, but also about scalability. The scalability of billions of embedded devices joining existing LTE and future 5G networks is one of the major availability challenges within the field of IoT security.”

There’s a lot riding on 5G. We need it, and we need its security. We’ll continue to keep an eye on it.