05-10-2020 | | By Robin Mitchell
With a rush to roll out 5G networks, there is a growing concern of backwards compatibility and old vulnerable tech. What is backwards compatibility, how may it affect 5G, and does it also affect hardware?
Backwards compatibility is the concept whereby newer technologies can support either hardware and software from previous technologies. For example, backwards compatibility is a strong component in modern processors (such as Intel and AMD), whereby the instruction set expands over time, but can still execute code from the past. Another example of backwards compatibility is how modern Microsoft operating systems (such as Windows 10), can run code from previous versions of windows (such as Windows 95).
Backwards compatibility makes up an essential role in all aspects of technology, including mainframes, computer hardware, microcontrollers, and operating systems. Systems and hardware that can support older technologies allow engineers to maintain older generation tech that may still play a crucial role. An example of how backwards compatibility can be necessary is a nuclear reactor with an expected life span of greater than 30 years, which utilises large numbers of sensors. Suppose the plant was to receive a control room upgrade (such as improved network connections or operating systems). In that case, those systems need to be able to work with pre-existing infrastructure, including the sensors.
An example of where backwards compatibility can be observed is the PIC range of microcontrollers. While each generation of PIC microcontrollers uses different registers and data-bus widths, most support a basic instruction set, and more modern PIC microcontrollers have extended instructions to allow for more complex operations. However, the core instruction set still exists, meaning that older PIC code will always work with minimal code changes.
Backwards compatibility allows for older tech to be kept in place, and this is especially useful where that tech is still in use, but making new systems backwards compatible is not always a good idea. 5G, the next generation of cellular technology, will help to power a more connected world driven by technologies including Internet of Things (IoT), Artificial Intelligence, and autonomous vehicles. Unlike its predecessors, 5G offers connected devices the ability to have high download speeds (over 1Gbps), low latency, and more simultaneous connections. While 5G encrypts more data, as well as the introduction of stronger security protocols, it may be at risk due to backwards-compatible systems.
Black Hat Asia, a tech security conference held in Singapore, included researchers who demonstrated how modern networks such as 5G could be vulnerable to systems that are decades old and yet are still able to connect to such networks. Backwards compatibility built into many systems allows for older devices to connect to 5G networks (such as those that cannot support the latest security protocols). For example, Signalling System 7, is a protocol technology used in telephone exchange networks for network translations, establishing and disconnecting calls, SMS, and prepaid billing. The protocol, established in 1975, has barely changed since, and its use in modern cellular networks potentially allows for attackers to bypass two-factor authentication and to intercept phone calls.
Vulnerabilities also arise from devices that are kept in service but are unable to utilise the latest operating systems. For example, millions of smartphones with outdated operating systems are still in circulation, and for each additional year, these devices remain in operation increases the likelihood of an attack. If such devices can access 5G networks, this could lead to attackers hijacking 5G connections on older hardware. But older hardware can often require outdated protocols (as in SS7), which 5G will support (this allows for 3G and 4G devices to connect to 5G networks). As such, these older protocols may also not be updated with the latest security protocols, thus providing attackers with another point of entry.
Hardware compatibility has been important in the PC industry since the introduction of the first IBM PC. The ability for newer computers to speak to older computers allowed for easy transitions without the need to convert files or purchase new hardware (i.e. peripherals). Backwards compatibility was also critical in the early PC years as rapidly changing technology allowed for new features to be introduced frequently without the need for the entire computing industry to alter its fundamentals. For example, the introduction of DDR, DDR2, and DDR3 allowed for increasing memory speeds, but these features remained transparent to the end-user, and both new and old hardware still worked.
However, as shown in 5G cellular networks, backwards-compatible systems mean that underlying mechanisms cannot be dramatically changed. If such systems (such as an instruction set), contain vulnerabilities then attackers may be able to exploit these in any hardware that integrates backwards compatibility. While modern systems may be able to include security hardware that can check for suspicious activity, the result could be legitimate systems not being able to function correctly.
But there is another question raised by backwards-compatible systems; should a 40-year-old piece of software or hardware still be able to run on a modern computer? If a system is hardware compatible with a system from 40 years ago (such as the IBM PC), then what does that imply about the fundamentals of the hardware? As time progresses, so does technology, and if the PC were designed from scratch today, it would most likely be unrecognisable when compared to the IBM PC standard. For example, the CPU would most likely not use code and data segment registers, slow speed buses would most likely be replaced with a single, unified high-speed bus, motherboards may include multiple CPU sockets as standard, and graphics memory may even be kept entirely separate from standard memory. Instruction sets would be redesigned to consider modern languages and programming methods, operating systems would be re-coded to make security the foundation, and networking protocols would be designed with IoT in mind.