
5G Network Security — Threats and Challenges for Operators

5G networks introduce new attack vectors: network slicing, edge computing, massive IoT. Learn about key 5G security threats and challenges facing telecom operators.

The 5G revolution — new capabilities, new threats

5G technology is not just faster mobile internet. It is a fundamental change in telecom network architecture that introduces software-defined networking, network function virtualization (NFV), edge computing, and the ability to connect millions of IoT devices per square kilometer. Each of these innovations delivers business benefits — and simultaneously opens new attack vectors.

For telecom operators, 5G changes the security paradigm. In 2G-4G networks, infrastructure relied on dedicated hardware from one or two vendors with relatively simple architecture. 5G networks are a complex ecosystem of multi-vendor components, virtualized functions running on standard server hardware, and distributed edge infrastructure. The attack surface grows exponentially.

At the same time, 5G networks are becoming the foundation of critical infrastructure: smart energy grids, autonomous vehicles, remote surgery, public safety systems — all these applications require the highest levels of reliability and security. Compromising a 5G network is not just the operator’s problem — it threatens the entire ecosystem of services built on top of it.

Software-defined networking and virtualization — a new attack surface

Traditional telecom networks relied on dedicated hardware devices whose compromise required physical access or specialist knowledge of telecom protocols. 5G networks move network functions to software running on standard x86 servers — meaning attackers can exploit known vulnerabilities in operating systems, hypervisors, and containers.

Network Function Virtualization (NFV) means 5G network elements — core nodes, firewalls, billing systems — run as containers or virtual machines. Compromising a hypervisor or container orchestrator (Kubernetes) can give an attacker control over multiple network functions simultaneously.

Open RAN — an architecture that opens interfaces between radio network components — increases flexibility and reduces costs, but simultaneously expands the attack surface. Every open interface is a potential entry point, and interoperability between components from different vendors creates complexity that makes security verification difficult.

Network slicing — isolation that can fail

Network slicing is one of 5G’s key innovations — the ability to create virtual, isolated networks (slices) within a single physical infrastructure. Each slice has its own performance, reliability, and security parameters. An operator can offer a dedicated slice for an energy network with guaranteed ultra-low latency, another for massive IoT, and yet another for consumer services.

Network slicing security rests on the assumption that inter-slice isolation is impenetrable. But is it? Security research indicates several attack vectors. Side-channel attacks may allow inferring activity in another slice based on shared physical resources. Configuration errors in the slice orchestrator can lead to excessive privileges. Attacks on the management plane can enable slice parameter modification or deactivation.

The consequences of a network slicing attack are particularly severe when one slice serves critical applications — such as remote surgery or public safety systems. Disrupting or degrading such a slice can directly impact human health and safety.
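An added example, not part of the original article: a small audit that flags two of the isolation weaknesses described in this section, namely physical hosts shared between a critical slice and other slices (the precondition for side-channel exposure), and management principals allowed to change more than one slice. The inventory format, slice names, host names and role names are hypothetical and the data is constructed.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical format, not a real orchestrator export).
WORKLOADS = [
    {"nf": "upf-energy-1", "slice": "energy-grid", "host": "edge-01"},
    {"nf": "upf-iot-1", "slice": "massive-iot", "host": "edge-01"},
    {"nf": "smf-energy-1", "slice": "energy-grid", "host": "core-01"},
    {"nf": "upf-consumer-1", "slice": "consumer", "host": "edge-02"},
    {"nf": "upf-iot-2", "slice": "massive-iot", "host": "edge-02"},
]
ROLE_BINDINGS = [
    {"principal": "ops-energy", "slice": "energy-grid", "verbs": {"read", "modify"}},
    {"principal": "iot-tenant-api", "slice": "massive-iot", "verbs": {"read", "modify"}},
    {"principal": "iot-tenant-api", "slice": "energy-grid", "verbs": {"modify"}},
    {"principal": "noc-readonly", "slice": "energy-grid", "verbs": {"read"}},
    {"principal": "noc-readonly", "slice": "consumer", "verbs": {"read"}},
]
CRITICAL_SLICES = {"energy-grid"}
WRITE_VERBS = {"modify", "deactivate"}  # management-plane actions that alter a slice


def shared_hosts(workloads, critical):
    """Hosts where a critical slice shares physical resources with another slice."""
    by_host = defaultdict(set)
    for w in workloads:
        by_host[w["host"]].add(w["slice"])
    return {h: sorted(s) for h, s in by_host.items()
            if s & critical and len(s) > 1}


def cross_slice_writers(bindings):
    """Principals that can modify or deactivate more than one slice."""
    writable = defaultdict(set)
    for b in bindings:
        if b["verbs"] & WRITE_VERBS:
            writable[b["principal"]].add(b["slice"])
    return {p: sorted(s) for p, s in writable.items() if len(s) > 1}


def audit(workloads, bindings, critical):
    return {"shared_hosts": shared_hosts(workloads, critical),
            "cross_slice_writers": cross_slice_writers(bindings)}


if __name__ == "__main__":
    for finding, items in audit(WORKLOADS, ROLE_BINDINGS, CRITICAL_SLICES).items():
        for name, slices in items.items():
            print(f"{finding}: {name} -> {', '.join(slices)}")
```

Read-only access across slices is deliberately not flagged here; only write-capable bindings count as excessive privilege in this check.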

Massive IoT — millions of devices as a potential botnet

5G mMTC (massive Machine-Type Communications) enables connecting up to one million devices per square kilometer. Smart meters, environmental sensors, monitoring systems — each of these devices is a potential network entry point.

IoT devices often have limited computational resources, preventing implementation of advanced security mechanisms. Many use default passwords, receive no firmware updates, and communicate using unencrypted protocols. Compromised IoT devices can be recruited into botnets and used for DDoS attacks against the operator’s infrastructure or its customers.

The scale of the problem grows every year. Projections indicate billions of IoT devices connected to 5G networks by 2030. For telecom operators, managing the security of this ecosystem represents one of the greatest challenges.

Edge computing — distributed infrastructure, distributed risk

Multi-access Edge Computing (MEC) moves data processing closer to the user — to base stations and aggregation points. This reduces latency but simultaneously distributes infrastructure, making physical and digital protection more difficult.

Edge nodes located in street cabinets, on building rooftops, or at base stations are harder to physically secure than central data centers. At the same time, they process user and application data — making them attractive targets. Compromising an edge node can allow intercepting user data, modifying network traffic, or using the infrastructure to attack other network elements.

Edge computing APIs — interfaces enabling developers to deploy applications on the operator’s edge infrastructure — represent an additional attack vector. Inadequately secured APIs can allow unauthorized deployment of malicious code or access to other applications’ data.

5G supply chain security

5G infrastructure consists of components from multiple vendors: radio equipment, core platforms, virtualization software, management systems. Every vendor in the supply chain is a potential attack vector.

The EU 5G Toolbox recommends assessing vendor risk profiles and limiting dependence on high-risk vendors. National regulations on telecom equipment vendor assessment impose obligations on operators to verify component security.

Vendor diversification reduces the risk of dependence on a single source but increases security management complexity. Every interface between components from different vendors must be verified for vulnerabilities. Updates from one vendor can cause compatibility issues with another vendor’s components.

How operators can protect 5G infrastructure

Protecting 5G networks requires a multi-layered approach. At the infrastructure level: hardening virtualization and container platforms, network segmentation, securing Open RAN interfaces, and monitoring component integrity.

At the service level: verifying network slicing isolation, securing edge computing APIs, managing IoT device identity, and end-to-end traffic encryption.

At the process level: continuous security monitoring through a SOC capable of telecom threat analysis, vulnerability management accounting for NFV specifics, penetration testing of 5G infrastructure, and tabletop exercises simulating network attack scenarios.

At the supply chain level: vendor risk profile assessment, component security audits, update and patch monitoring, and strategic diversification.

nFlo supports telecom operators in building 5G network security — from infrastructure security audits to continuous threat monitoring and penetration testing of new deployments.

