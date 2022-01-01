Mobile operators have traditionally relied on proprietary hardware from vendors like Ericsson, Nokia, and Huawei to build their networks. But in recent years, there has been a major push to "virtualize" network functions, which involves replicating key components in software so they can run on generic hardware, or even in the cloud. And the advent of 5G has only heightened the demand for virtualization, in particular when it comes to radio access networks (RANs)—the part of the network involved in connecting end-user devices like cellphones to the network core.

[...] This makes it much easier to break into such virtualized networks than was previously possible. Among the entry points the team discovered included a backdoor-revealing API that had been posted publicly to the Internet as well as an old development site that had accidentally been left online. But the increased ease with which attackers can penetrate the networks is not in and of itself the main problem. "The really critical question is how difficult it is to break through from your initial foothold to something actually valuable within the network," says Nohl.

His team found it was worryingly easy to move deeper into the networks they tested, thanks primarily to poorly configured "containers." These are self-contained packages of software that bundle up an application and everything needed to run it—code, software libraries, and configuration files—so that it can be run on any hardware. Containers are a critical part of the cloud, because they allow different applications from different companies or departments to run alongside one another on the same servers. Containers are supposed to be isolated from one another, but if they are poorly configured it's possible to break out and gain access to other containers or even to take control of the host system. In multiple instances Nohl and his team found misconfigured containers that allowed them to do just this.

[...] Nonetheless, [Dmitry Kurbatov is optimistic about the shift to 5G. Previously, operators had little option but to trust vendors when it came to security, but now they will be able to take matters into their own hands. "You actually can have full visibility and control over [5G] systems and functions, which means now you have the chance as the network owner to be much more secure," he says.

And even more important, the industry isn't alone in going through the transition to the cloud, says John Carse, chief information security officer at the Japanese operator Rakuten Mobile, which has been a champion of Open RAN principles. "This is a good thing because it means telecom doesn't have a special problem to solve," he says. "Telecom can benefit from adoption of techniques happening in all the industries surrounding it versus trying to overcome proprietary challenges."