Unpatched Design Vulnerabilities in 5G Specifications: Exploitation, Detection or Patching for Security?

In this talk, I will discuss unpatched design vulnerabilities in 5G specifications, along with demonstrations of attacks that exploit them. Despite their potential risks, these vulnerabilities will remain “zero-day” due to the end of 5G standardization. I will then explore three directions in which the academic community can contribute to addressing these vulnerabilities: 1) Identifying potential applications that can exploit these vulnerabilities effectively, 2) Developing cellular IDS or IPS that can mitigate the risks associated with these vulnerabilities, and/or 3) Securing 5G design vulnerabilities in 6G technology.
Yongdae Kim
KAIST Cyber Security Research Center, Daejeon, Republic of Korea

Yongdae Kim is a Professor in the Department of Electrical Engineering and the Graduate School of Information Security and a head of the Police Science and Technology Research Center at KAIST. He received his PhD from the computer science department at the University of Southern California under the guidance of Gene Tsudik. Between 2002 and 2012, he was an Associate/Assistant Professor in the Department of Computer Science and Engineering at the University of Minnesota Twin Cities. He served as a KAIST Chair Professor between 2013 and 2016 and a director of the Cyber Security Research Center between 2018 and 2020. He received an NSF career award on storage security and a McKnight Land-Grant Professorship Award from the University of Minnesota. His main research interest is finding and fixing novel vulnerabilities for emerging technologies such as drones, self-driving cars, and cellular networks.

The Janus Problem: the lessons we’ve learnt and the problems we’ll need to solve in mobile security

Over the past 30 years, digital mobility has transformed the world. We have moved from a world of voice to messaging, to apps, video calling and a device that contains our entire lives.

The technology that we have created has gone through five distinct iterations which have elevated security at each step of the way. Each of these steps has also retained backwards compatibility – a phone on a GSM network can usually communicate with a 5G capable phone. Providing this functionality means maintaining huge legacy – of mobile signalling protocols, SMS and much more. Security in the mobile industry means both looking forward and backwards, embracing new technologies and ensuring they are secure, whilst managing and containing legacy until end-of-life.

This talk will discuss the lessons we’ve learnt and present some of the future challenges we’ll face in order to secure future mobility.

David Rogers MBE
GSMA Fraud & Security Group, London, United Kingdom

David chairs the Fraud and Security Group at the GSMA. He authored the UK’s ‘Code of Practice for Consumer IoT Security’, in collaboration with UK government and industry colleagues, and is a member of the UK’s Telecoms Supply Chain Diversification Advisory Council. His company Copper Horse works on a range of projects from IoT security to future automotive cyber security.

David holds an MSc in Software Engineering from the University of Oxford and an HND in Mechatronics from the University of Teesside. He lectured in Mobile Systems Security at the University of Oxford from 2012 to 2019 and served as a Visiting Professor in Cyber Security and Digital Forensics at York St John University.

He was awarded an MBE for services to Cyber Security in the Queen’s Birthday Honours 2019.