5G networks that incorporate legacy technology could be vulnerable to compromise via a lack of mapping between transport and application layers, according to a report by Ireland-based AdaptiveMobile Security.\n\n5G resources\n\nWhat is 5G? Fast wireless technology for enterprises and phones\nHow 5G frequency affects range and speed\nPrivate 5G can solve some problems that Wi-Fi can\u2019t\nPrivate 5G keeps Whirlpool driverless vehicles rolling\n5G can make for cost-effective private backhaul\nCBRS can bring private 5G to enterprises\n\n\nNetwork slicing is central to realizing many of 5G\u2019s more ambitious capabilities because it enables individual access points or base stations to subdivide networks into multiple logical sections\u2014slices\u2014effectively providing entirely separate networks for multiple uses. The slices can be used for different purposes\u2014say, mobile broadband for end-users and massive IoT connectivity\u2014at the same time, without interfering with each other.\nResearchers discovered a vulnerability that, if exploited, can enable an attacker on one slice to gain access to data being exchanged on another or, in some circumstances, gain access to the 5G provider\u2019s core network.\nOne simulated attack described by AdaptiveMobile as a rogue network function belonging to one slice establish a TLS connection to a provider\u2019s network repository function (NRF), a central store of all the 5G network functions in a provider\u2019s network. The rogue function request access to another slice on the same network, and the NRF checks to see whether the rogue slice is allowed. Because both slices share the same network function, as far as the NRF is concerned, it\u2019s a valid request and a token for the target slice could be generated. This could grant the malicious slice access to a great deal of information on the other slice, including personal data.\nAccording to AdaptiveMobile, this works because the current specification for the network-slicing function doesn\u2019t require \u201clayer matching\u201d between different slices on the same network. Hence, the NRF, when confronted with this malicious request, merely sees an authenticated partner asking for a valid service request, and doesn\u2019t check to see whether the correct slice is the one making that request.\nAnother potential vulnerability could allow a rogue slice to perform a phantom DoS attack against another slice by manipulating HTTP-based service requests to the NRF and tricking it into thinking that the target slice is overloaded and should not be contacted. Moreover, a further lack of identity-checking among different users and slices on the same network could allow malicious users to gain access to other data, including critical information on other customers.\nThe solution isn\u2019t simple because general TLS and IP-layer firewalls don\u2019t have the capability to differentiate which layer is talking to which, according to AdaptiveMobile. The only alternative is enforcing additional validation on communications between different layers and between layers and the NRF to ensure that these potential attacks can\u2019t function.