The European Commission (EC) highlighted significant security challenges arising from deployment of 5G networks following a wide-reaching risk assessment around the technology, in what is being regarded as a thinly-veiled swipe at Chinese vendors Huawei and ZTE.

Following risk assessments by the bloc’s 28 member states, the EC highlighted several security challenges it believes are likely to appear or become more prominent in 5G than in previous generations of mobile technology.

In part, this is because 5G networks will be “the future backbone of our increasingly digitised economies and societies”, it noted, citing applications in critical sectors including energy, transport, banking, and health.

The EC noted risks are increased because 5G will rely more on software than previous generations. It highlighted the potential for major security flaws due to “poor software development processes within suppliers”, which it said could make it easier for malicious players to “insert backdoors into products” which would be harder to find than today.

Operator’s reliance on infrastructure vendors was also highlighted as an area of concern, particularly in cases where an operator uses only one supplier in its network. The EC said over-reliance on vendors would increase the potential attack plane, citing “non-EU states or state-backed” players as the greatest threat to 5G security.

“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the liklihood of the supplier being subject to interference from a non-EU country,” it stated.

Swipe
While Huawei and ZTE were not named in the EC statement, its comments regarding the robustness of software and state backing inevitably led to speculation the region is leaning towards following the US and other countries by prohibiting their involvement in 5G rollouts.

Nokia CTO Marcus Weldon in June accused Huawei of sloppiness in terms of patching previous glitches, though Nokia swiftly distanced itself from the criticism.

Huawei has long faced accusations it is backed by the Chinese state, apparently due to founder and CEO Ren Zhengfei’s former role in the army, but the screws have only truly been turned in recent months as the US stepped up its campaign against the company.

ZTE faced US wrath in 2018, when it was banned from doing business in the country after breaching trade sanctions on Iran. The block was subsequently dropped, but only after the vendor coughed up $1 billion and agreed to strict oversight by US authorities.

The EC plans to identify ways of mitigating the risks it identified by end-December, with member states due to report back on whether further action is necessary by 1 October 2020.