Mobile network and device security

Background

Security attacks can affect all technology, including mobile devices. Mobile operators use encryption technologies to deter criminals from eavesdropping and intercepting traffic.

The barriers to compromising mobile security are high, and research into possible vulnerabilities has generally been technically complex. While no security technology is guaranteed to be unbreakable, practical attacks on mobile services are rare because they tend to require considerable resources, including specialised equipment, computer processing power and a high level of technical expertise beyond the capability of most people.

Reports of eavesdropping are not uncommon, but such attacks have not taken place on a wide scale, and 4G and 5G networks are considerably better protected against eavesdropping risks than earlier generation networks. 5G technology boasts a host of new security capabilities that further enhance protection levels.

Debate

How secure are mobile voice and data technologies and what is being done to mitigate the risks?

Do emerging technologies and services create new opportunities for criminals?

How is 5G, and all the capabilities it brings, affecting the security landscape?


Industry position

The protection and privacy of customer communications is at the forefront of mobile operators’ concerns.

The mobile industry makes every reasonable effort to protect the privacy and integrity of customer and network communications.

The GSMA leads a range of industry initiatives to make mobile operators aware of the risks and mitigation options available to protect their networks and customers.

This work, described below, is recognised by regulators around the world as sufficient to eliminate the need to formally regulate.

  • The GSMA works with a large group of experts to facilitate an appropriate response to threats. It plays a key role in coordinating the industry response to security vulnerability research through its Coordinated Vulnerability Disclosure (CVD) programme [24].
  • The GSMA’s Telecommunication Information Sharing and Analysis Centre (T-ISAC) collects and disseminates information and advice on security incidents within the mobile community in a trusted and anonymised way. The GSMA has also conducted a comprehensive threat analysis involving industry experts from across the ecosystem, regulators and public sources, such as 3GPP, the European Union Agency for Cybersecurity (ENISA) and the National Institute of Standards and Technology (NIST), and mapped these threats to appropriate and effective security controls. This analysis has been collated into a range of security guidance publications, including the GSMA Baseline Security Controls, which helps mobile operators understand and develop their security posture.
  • The GSMA’s Fraud and Security Group acts as a centre of expertise for the industry’s management of fraud and security matters. The group seeks to maintain or increase the protection of mobile operator technology and infrastructure, as well as customer identity, security and privacy, to ensure the industry maintains a strong reputation and mobile operators remain trusted partners in the ecosystem.
  • The GSMA Mobile Cybersecurity Knowledge Base makes the combined knowledge of the 5G ecosystem available to increase trust in 5G networks and make the interconnected world as secure as possible.
  • The GSMA supports global security standards for emerging services and acknowledges the role that SIM-based secure elements have played in protecting customers and mobile services, as SIM cards have proven to be resilient to attack.
  • The Embedded Universal Integrated Circuit Card (UICC) approach that has been defined by the GSMA and rolled out by industry inherits the best security properties of the SIM and is designed to build on the protection levels achieved in the past.
  • The GSMA constantly monitors the activities of hacker groups, researchers, innovators and a range of industry stakeholders to improve the security of communications networks. The ability of the GSMA to learn and adapt can be seen in the security improvements that have been implemented from one generation of mobile technology to the next.

Resources

GSMA Mobile Cybersecurity Knowledge Base, GSMA

FS.31 Baseline Security Controls, GSMA

GSMA Mobile Telecommunications Security Landscape, GSMA, February 2023

Safety, Privacy and Security Across the Mobile Ecosystem, GSMA, November 2022

GSMA T-ISAC website

[24] GSMA Coordinated Vulnerability Disclosure (CVD) programme