European 5G Security in the Wild: Reality versus Expectations

5G networks are expected to significantly improve the security of mobile users, thanks to the newly introduced mandatory features which address identified 4G vulnerabilities. In this work, we analysed the progress of current 5G European commercial networks deployments with respect to the expected security features. In order to do so, we collected a dataset comprising 5G measurements from two different operators in Spain, six different cities and both urban and suburban scenarios. The two major network operators considered in our study operate in 70% of the European countries and, due to economies of scale, our results can be reasonably expected to be applicable to other European countries served by the same operators. Our results show that current 5G network deployments miss expectations on i) providing improved privacy and anonymity to subscriber identifiers (transmitting them in clear text),
ii) refreshing often enough temporal subscriber identifiers (facilitating subscriber identification and tracking), iii) additional confidentiality protection (inheriting security vulnerabilities from previous generations) and iv) UE radio capabilities are sometimes transferred without protection (enabling bidding down and battery drain attacks). As already reported in previous works, we are in the midst of the 4G to 5G migration, expected to be mature by 2025. Thus, as we get closer to this date, we expect operators to increasingly deploy 5G security features accordingly, covering the gaps identified by our work.