SoylentNews is people
SoylentNews
The Trump administration’s so-called “race” with China to build new fifth-generation (5G) wireless networks is speeding toward a network vulnerable to Chinese (and other) cyberattacks. So far, the Trump administration has focused on blocking Chinese companies from being a part of the network, but these efforts are far from sufficient. We cannot allow the hype about 5G to overshadow the absolute necessity that it be secure.
[...] “It is imperative that America be first in fifth-generation (5G) wireless technologies,” President Trump wrote in an October Presidential Memorandum of instructions to federal agencies. While the administration, especially the Trump Federal Communications Commission (F.C.C.), makes much of how the 5G “race” with China is a matter of national security, not enough effort is being put into the security of the network itself. Nowhere in the president’s directive, for instance, was there a word about protecting the cybersecurity of the new network.
As the President’s National Security Telecommunications Advisory Committee told him in November[pdf], “the cybersecurity threat now poses an existential threat to the future of the Nation.” Last January, the brightest technical minds in the intelligence community, working with the White House National Security Council (N.S.C.), warned of the 5G cybersecurity threat. When the proposed solutions included security through a federally-owned network backbone, the wireless industry screamed in protest. The chairman of the Trump F.C.C. quickly echoed the industry line that “the market, not government, is best positioned to drive innovation and leadership.” Government ownership may not be practicable, but the concerns in the N.S.C. report have been dismissed too readily.
Worse than ignoring the warnings, the Trump administration has repealed existing protections. Shortly after taking office, the Trump F.C.C. removed a requirement imposed by the Obama F.C.C. that the 5G technical standard must be designed from the outset to withstand cyberattacks. For the first time in history, cybersecurity was being required as a forethought in the design of a new network standard — until the Trump F.C.C. repealed it. The Trump F.C.C. also canceled a formal inquiry seeking input from the country’s best technical minds about 5G security, retracted an Obama-era F.C.C. white paper about reducing cyberthreats, and questioned whether the agency had any responsibility for the cybersecurity of the networks they are entrusted with overseeing.
The simple fact is that our wireless networks are not as secure as they could be because they weren’t designed to withstand the kinds of cyberattacks that are now common. This isn’t the fault of the companies that built the networks, but a reflection that when the standards for the current fourth-generation (4G) technology were set years ago, cyberattacks were not a front-and-center concern.
-- submitted from IRC
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @01:52AM
If the USA of all countries can't be arsed with basic aircraft security then what hope do you have for regular consumers?
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @02:07AM (2 children)
5G will beam the lizard men into your head. Be happy its not happening. 4G isn't even utilized fully yet. Where is our 100Mbps down?
"reducing cyberthreats" is going to be monitoring your location and communications 10x harder while taking even more control from your handset.
(Score: 2, Informative) by Anonymous Coward on Tuesday January 22 2019, @02:20AM
This.
--- https://en.wikipedia.org/wiki/Baseband_processor [wikipedia.org]
(Score: 1) by redneckmother on Tuesday January 22 2019, @03:56AM
OMFG... Where's my (non capped) 20Mbps down?
Most of the time, I get the equivalent of ALMOST dialup speed, with just shy of 1 second latency.
I'm probably not the only one.
FFFFFthank you, HughesNot.... FFFFFthank you, very FFFFFMuch. Enjoy your profits, and know that if I can ever get even an analog line, you can kiss my money goodbye.
Mas cerveza por favor.
(Score: 3, Funny) by Snotnose on Tuesday January 22 2019, @02:25AM (2 children)
Seriously, that's what xG is, pure marketing. There is no 5G spec, companies are making stuff based on what they think the spec will be.
Back in, dang, I'm old, '03? Worked for a startup that wanted to make their wireless the standard,. Remember those ads that had people moving their TVs to the pool? That was this companys IP. Problem? They used the same frequency as a soon to be deployed 802.whatever spec. Hope was, they could hijack the spec cuz their stuff worked so much better. To be honest, it worked great. But they realized too late that it took 2 USB ports to drive their hardware and, well, the 802.11whatever.
Startup needed a second spin of the hardware, they ran out of money. Someone, I think Samsung? bought the IP in bankruptcy, The top echelon got jobs with them (3 people), everyone else got the 2 weeks plus severance.
I came. I saw. I forgot why I came.
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @01:02PM
"Seriously, that's what xG is, pure marketing. There is no 5G spec, companies are making stuff based on what they think the spec will be."
I would say some of it is marketing.
"AT&T Execs Think It's Really Funny They Misled Consumers About 5G Availability"
https://www.techdirt.com/articles/20190110/13593541373/att-execs-think-really-funny-they-misled-consumers-about-5g-availability.shtml#c94 [techdirt.com]
4GLTE has been out for quite some time now so they need something 'new' to keep selling new phones and justify the price of their service. Why not make some slight improvements and call it 5G! Now they have something new to market away at.
I'm sure there are legitimate improvements but how much of it is just marketing and hype.
(Score: 2) by Snotnose on Wednesday January 23 2019, @12:38AM
Moderated funny? Really? What was 4G What is 5G? I'm surprised nobody has brought up 6G yet.
I've been doing wireless drivers for 20 years now. I find it interesting that somebody in the industry points out a fact and gets modded funny. Sad, yeah, I get that. Whatever.
I came. I saw. I forgot why I came.
(Score: 2) by JoeMerchant on Tuesday January 22 2019, @02:28AM (4 children)
Sorry, can't be arsed to learn why 5G is "better" than 4G which already provides ludicrous bandwidth for handsets with 5" screens. But, whatever it is, maybe when we have a serious security meltdown with it we can design 6G to withstand at least the obvious attacks?
Of course, with 5G near rollout, the standards for 6G and 7G are probably already mired deep in inflexible committee consensus discussions among the worthless engineers of the carriers and handset manufacturers - you know the ones who spend their time going to standards committee meetings instead of actually doing something of value around the office, the same ones who agreed to a 5G without meaningful security?
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @02:37AM
But I connect my laptop via my phone on occasion, then 12.5MB/s would be useful if I got anything like that speed.
(Score: 3, Funny) by EETech1 on Tuesday January 22 2019, @08:22AM (1 child)
https://www.theonion.com/fuck-everything-were-doing-five-blades-1819584036 [theonion.com]
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @09:14AM
I still want the VA of Cave Johnson to do a recording of this.
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @10:37AM
You mean the 5a, the 5b then the 5ac standard then maybe the 6... and so on... and so forth..
(Score: 4, Insightful) by c0lo on Tuesday January 22 2019, @03:19AM (2 children)
That's not a bug, that's a feature.
Do you have any idea how much NSA costs the budget every year?
If the govt is gonna spend zilions on walls, they can't afford to pay for advanced interception/decryption technology. Especially now that they got crossed with the Chinese, so bye-bye cheap tech.
(grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0, Troll) by Anonymous Coward on Tuesday January 22 2019, @03:36AM (1 child)
Considering most USB ports on the phones are hooked up to debug ports I would not worry too much about it. The phone manufactures are the same ones that make the standards and towers.
Just consider it insecure. Do not put anything of value on the things.
so bye-bye cheap tech
Once you realize why all of that junk is made in China you will realize you have been hoodwinked. It is not about cheaper prices. That is a nice side effect. I can build whatever and pass most of the cost onto the consumer. Especially if they *really* want it. Then why? Pollution. The 'cheap tech' is notoriously polluting. A good portion of the united states superfund sites are located in areas around former chip semiconductor processing plants. We are outsourcing our pollution to china. It is easier than dealing with the endless fines. The Chinese just DNGAF about people or pollution unless it embarrasses the people in charge. Then they have ways of dealing with it that would make Stalin blush.
(Score: 4, Funny) by c0lo on Tuesday January 22 2019, @03:53AM
Hoodwinked? Me? No way, man.
I never buy cheap Chinese junk, I always buy the expensive one (large grin).
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 3, Interesting) by captain normal on Tuesday January 22 2019, @06:40AM
"...Trump F.C.C. removed a requirement imposed by the Obama F.C.C. that the 5G technical standard must be designed from the outset to withstand cyberattacks."
We are pawned because the POTUS is a total N00b and his FCC chairman and all his unfired advisers are TelCo hacks.
"It is easier to fool someone than it is to convince them that they have been fooled" Mark Twain
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @07:05AM
We are going to 7G then. And hang your god damn white paper at the toilet stall.
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @08:30AM
If you're law enforcement, all you'd need to do is send a warrant to the phone company, and then you can tap into the warrant target's traffic easily. You don't need to be able to decrypt the over the air transmissions, and they should be as hard to crack as possible. Unless of course someone wants to be able to eavesdrop on such communications without a warrant, in which case, that'd have the effect making the entire cellular network insecure, and allow anyone, including foreign spies and criminals, to potentially be able to do the same thing as well.
(Score: 5, Insightful) by ledow on Tuesday January 22 2019, @08:43AM (1 child)
Because anyone with half a brain assumes that ALL transport media are insecure and if they wish to speak securely they layer encryption over them, including encryption capable of verifying genuine endpoints over insecure media.
Like... everything on the Internet (which is insecure). Everything over GSM/2G/3G/4G currently. Everything over wireless. Everything over leased lines. Everything over Ethernet, even.
If you have a need for security, you don't care what the base medium is. You assume that it's hostile, that endpoints may not be who they say they are, and that an adversary is capable of receiving EVERY packet sent and received. And then using those assumptions you design encryption and cryptographic identification and verification algorithms that also work on those assumptions but can produce a secure channel over it.
This is what Diffie-Hellman and all the rest is FOR. Literally generating a shared secret over an insecure channel.
Now, given that it's a public medium, and the public has thus far tolerated GSM, 2G, 3G and 4G which - although increasingly secure, have never actually been "secure" - we can assume that 5G will be the same and the general public won't care. Despite what your average techy might think, or what might be said, the average person really doesn't care that someone "could be listening to their calls". If they didn't, they wouldn't have ever used Skype, or POTS, etc. Thus, the general public will work under the same assumption "Nobody cares about my chat about the vets to my wife, but if they had a pressing legal need to, they could intercept my calls in some way, presumably." Meanwhile anyone who NEEDS a secure channel will do what's always been done - layer encryption OVER such data / voice channels with third-party services, devices, or some other guarantee from the telecoms company, etc.
(Score: 2) by darkfeline on Thursday January 24 2019, @04:40AM
This, but going even further, the transport *shouldn't* be secure, because that security adds unnecessary overhead that you can't even rely on. You need to layer your own security on top of the transport medium period. Any security at the transport layer is wasted.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Tuesday January 22 2019, @04:29PM
"This isn’t the fault of the companies that built the networks, but a reflection that when the standards for the current fourth-generation (4G) technology were set years ago, cyberattacks were not a front-and-center concern."
Carriers have had dedicated security teams since the movie "wargames" came out. If it isn't a front and center concern that is because they've chosen not to make it a concern. Selling a tool to people that has a high probability of causing them harm, is called criminal negligence. And this has been SOP not just for the carriers (since about 200O or so) but also of the OS vendors (since about 1992), and the browser vendors (since about 1994)
Security costs the vendor. Lack of security costs the consumer. The absence of security is an externalized cost. Further that externalized cost is capitalized on by the vendors who sell additional security products through subsidiaries, that by and large are ineffective. It is the irrational decisions that come from monopoly power. They break shit ON PURPOSE, because they are the only source from which you can buy a a repair, which then promptly fails again. This is normal for monopolies.
The only fix, is to break them up. All of them.