• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

5G Versus Wi-Fi: Which is More Secure?

September 6, 2019 By The Editor

cell tower

Most smartphone users assume that cellular data networks are more secure than unknown Wi-Fi. In general they’re correct (and we still advise people to use their cellular data rather than an unknown or public Wi-Fi network when accessing sensitive information on a mobile device)! But, as the 5G rollout progresses, more and more cellular users will be exposed to Wi-Fi security threats via a process called Wi-Fi offloading. There are also weaknesses in 5G traffic itself that can be exploited by a determined attacker. Our Director of Product Management for Wi-Fi, Ryan Orsi, wrote a guest article for Network Computing explaining what these processes are and what 5G and Wi-Fi users need to know about them.

Thanks to the public’s ravenous demand for bandwidth on smartphones and tablets, a large portion of “cellular” traffic is actually offloaded to nearby Wi-Fi networks to help equalize the load. When a device is in range of a Wi-Fi access point configured for this (called Hotspot 2.0 or Passpoint) the connection seamlessly moves to Wi-Fi without any visible change on the user’s device. This is common in large public areas like sports stadiums, malls and airports. 59% of 4G traffic is offloaded now, and Cisco predicts that 71% of 5G traffic will be offloaded. This means these connections can be exposed to common Wi-Fi attacks, like the Evil Twin attack where a hacker sets up a duplicate of a legitimate access point and eavesdrops on the data of anyone that connects to it. Here’s an excerpt from Ryan’s article explaining this issue in more detail.

 Attackers primarily eavesdrop and intercept Wi-Fi traffic via man-in-the-middle positions and are constantly looking for easy ways to steal valuable information, like user credentials for a juicy target like cloud-based HR sites, email, or online shopping and travel sites. For example, if a 5G user has their cellular connection offloaded to an Evil Twin AP mimicking a legitimate Passpoint AP, then the attackers have full visibility into the data stream they thought was private and secured via cellular technologies.

 Offloaded Wi-Fi is technically supposed to be protected by enterprise versions of the WPA2 or WPA3 security protocol. However, both of these encryption methods have suffered serious flaws lately with the KRACK and Dragonblood vulnerabilities, which have exposed fundamental flaws in the system design (although enterprise versions are considered a bit safer). In addition, tools and research are being developed to exploit this protection constantly. Encryption, after all, is supposed to be the last resort of protection for our connections.

Read Ryan’s full article on Network Computing to learn about the other common Wi-Fi attacks that 5G users could be exposed to, and some of the vulnerabilities in 5G traffic itself. Learn more about what WatchGuard does to help solve this problem here and read more about Wi-Fi security standards at https://www.trustedwirelessenvironment.com/what-is-a-trusted-wireless-environment/. There’s also a petition to urge wireless vendors to create a global standard for Wi-Fi, which you can sign here.

Share This:

Related Posts

Filed Under: Editorial Articles, Featured

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • The Hack of the Decade
  • Understanding Fileless Malware Outside the Network 
  • 11 High Severity Vulnerabilities found in Nvidia Software
  • Zyxel Adds a Built-in User With A Easy To Find Password

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 11 High Severity Vulnerabilities found in Nvidia Software
  • Zyxel Adds a Built-in User With A Easy To Find Password
  • The Hack of the Decade
  • Channel Partner Insight Names WatchGuardONE Security Partner Program of the Year
  • Understanding Fileless Malware Outside the Network 
View All

Search

Archives

Copyright © 2021 WatchGuard Technologies · Privacy Policy · Terms of Use