Mobile Communication Security: From 2G/4G to 5G – Technical Risks, Attacks, and Countermeasures

The Ant Group Basic Security team partnered with Beijing University of Posts and Telecommunications to deliver a two‑session lecture series on mobile communication security, discussing both academic research and industry practice.

Session 1 – Security in the 2G to 4G Era highlighted the prevalence of fake base stations, SMS spam, and verification‑code hijacking in the 2G era, and explained how the transition to 4G improved network protection. It also described Ant Group’s payment‑related services (Alipay app, wearable payments, mobile POS) and the company’s intelligent risk‑control system that safeguards user funds and data.

Session 2 – 5G Security in 2020 examined the rapid deployment of 5G, the emergence of new threats, and the split between technical‑layer risks (network function virtualization, network slicing, edge computing, open interfaces) and ecosystem‑layer risks (vertical‑industry applications). Specific vulnerabilities were presented:

5G Messaging (RCS) – potential plaintext transmission when IPsec is disabled, enabling interception and spoofing.

NULL SCHEME – emergency‑mode plaintext signaling that some operators mistakenly enable for all users.

AS Key‑Stream Reuse – reuse of encryption keys after call termination, allowing decryption of earlier sessions.

IMP4GT – exploitation of ICMP to recover communication keys.

SLIC – location‑identification attack via carrier aggregation broadcast lists.

The article notes that most of these flaws have been patched by operators and device manufacturers, while some protocol‑level issues require longer remediation cycles. Ant Group’s security team actively participates in 3GPP and GSMA standard bodies to track and fix such vulnerabilities.

Beyond the lectures, Ant Group collaborates with Shanghai Jiao Tong University to launch a joint "Wireless Radio Security" curriculum, integrating seven courses into the university’s cyber‑security program and aiming to train over 10,000 security professionals across 30 universities in three years.

Finally, the article emphasizes that network‑protocol security will remain an ongoing challenge and calls for more talent to contribute to safer communications.