Saving Our Spectrum: Handling Radio Layer Vulnerabilities in Wireless Systems

Two of the greatest challenges of the modern technological age are security and privacy. Spectrum, specifically at the radio layer, is particularly vulnerable to attack. How can we better protect our devices and infrastructure? Speakers and panelists at the Silicon Flatirons Center’s Saving Our Spectrum: Handling Radio Layer Vulnerabilities in Wireless Systems Conference came as close as one can to answering this complex question.

A key development in the telecommunications industry is marked by the shift away from the use of wires and fiber to transmit signals to wireless. And while wireless networks reduce capital expenditures, and have great potential in tough to reach places, the world’s increased dependence on radio comes at a cost. Radio receivers, unlike wired connections, cannot be physically protected from attack. This is because in order to function, they must be open to signals.

Professors Hatfield and Gremban led off the conference’s primer with a discussion of three common types of attacks on these systems: sniffing (listening to wireless transmissions for unencrypted signals), spoofing (one user masquerading as another), and jamming (blocking signals to specific or several devices). One of the difficulties in addressing the radio layer vulnerabilities of 4G and 5G networks is that attacks can occur at any layer, meaning both our devices and the network are potentially vulnerable to attack.

Consumers can protect their devices but are limited in their ability to do so. Certainly, one can download any number of applications from the app store that assure consumers of the app’s ability to detect IMSI catchers (or stingray) devices, which helps combat sniffing, but those applications are known to produce false positives, meaning they alert customers to nonexistent threats, and they are not as effective at stopping bad actors as one would hope. This raises the question – if end users can do little to protect themselves, can, and should, companies being doing more to protect devices by securing the network and improving the hardware of our devices?

For the mobile communications companies selling devices and telecommunications equipment, that possess advanced technology and the know-how to address the aforementioned vulnerabilities, there is little incentive for them to make improvements that would secure devices. Adding hardware that would address vulnerabilities in the devices would be expensive, but probably not impossible according to some panelists.

Though it may be some time before we see security features in our devices, more and more companies, advocacy groups, and regulators are attempting to address the vulnerability issue by experimenting with new systems and methods. One way this is being done is by using artificial intelligence and machine learning to detect and respond to attacks on devices and at other layers. AI is particularly useful because of its ability to quickly isolate atypical interactions on the network. Additionally, DARPA’s Spectrum Collaboration Challenge (SC2) is “using AI to unlock the true potential of the RF spectrum,” and promises to deliver some viable solutions as well, so the outcome of that competition will be worth following.

Finally, the 3GPP (Third Generation Partnership Project) has used sophisticated technology to address vulnerabilities to improve user authentication process. This helps networks determine whether users are who they say they are, which helps in instances of spoofing. With each generation of cellular network technologies improving on the last, we have been able to improve our ability to authenticate users – and this trend has held true for 5G. 

Despite the high number of attacks, the situation is not as dismal as it once appeared. In fact, there are already several viable ways to secure radio layer vulnerabilities. These include requiring device manufacturers to include protective features, such as advanced hardware and encryption technology,  before delivering the devices to customers, increasing uses for AI applications, and doing what we have done in the past: hoping that new cellular network generations will lead to improvements in authentication processes.

Though the hope is always that something will be done to totally secure our devices and networks, we must recognize our own technological constraints, as well as the capabilities of bad actors. That said, the three examples outlined above seem to be viable solutions and demonstrate stakeholders’ increased awareness of the issue at hand

Freddy is Managing Editor of CTLJ, Volume 18 and a Research Assistant for the University of Colorado’s Silicon Flatirons Center for Law, Technology, Entrepreneurship. His study and research focus on identifying legal solutions for the issues that arise out of emerging technologies and increasing access to critical technology infrastructure in under-served communities.