The $492 Million Gamble on Unsecured Airwaves
On December 3, 2025, Algeria officially entered the 5G era. The Autorite de Regulation de la Poste et des Communications Electroniques (ARPCE) awarded three 5G licenses — to Algerie Telecom Mobile (Mobilis), Optimum Telecom Algerie (Djezzy), and Wataniya Telecom Algerie (Ooredoo) — for a combined DZD 63.9 billion, approximately $492 million. Mobilis paid $170.7 million, Ooredoo $161.6 million, and Djezzy $159.2 million.
The rollout launched across eight pilot provinces: Algiers, Oran, Constantine, Setif, Skikda, Ouargla, Tlemcen, and Blida, with operators required to add ten new wilayas per year and achieve at least 50% nationwide coverage by 2031. Djezzy has already accelerated its rollout to 18 provinces, and Ooredoo has announced a presence in every wilaya.
The ambition is clear. Algeria’s 54.8 million mobile subscribers stand to gain speeds 10-100 times faster than 4G, latencies under 10 milliseconds, and network slicing capabilities that can power telemedicine in remote Saharan clinics and smart grid management for Sonelgaz. The government has positioned 5G as a cornerstone of its digital transformation strategy, linking it to e-governance, industrial automation, and diversification away from hydrocarbon dependence.
But beneath the bandwidth promises lies a reality Algeria’s telecom sector has not confronted publicly: 5G does not just upgrade speed — it fundamentally transforms the attack surface. And Algeria’s existing security infrastructure, built for a 2G/3G/4G world, is structurally unprepared for what comes next.
Legacy Protocols: The SS7 Problem That Never Went Away
To understand Algeria’s 5G cybersecurity exposure, start with what is already broken.
Signaling System 7 (SS7), the protocol suite governing global telecom signaling since the 1980s, remains deeply embedded in Algeria’s mobile infrastructure. SS7 was designed when telecom networks were closed systems operated by trusted national carriers. It has no authentication, no encryption, and no access controls. Any entity with SS7 network access — and that access can be purchased for as little as $5,000 on underground marketplaces — can intercept calls, read SMS messages, track subscriber locations in real time, and redirect communications.
This is not theoretical. P1 Security, the French telecom security firm, has documented hundreds of SS7 attack vectors spanning location tracking, call interception, and subscriber identity harvesting. In practice, SS7 exploitation has been used for bank account takeovers by intercepting two-factor authentication SMS codes, surveillance of journalists and activists, and large-scale fraud operations across Africa and the Middle East.
For Algeria, the SS7 problem is compounded by three factors.
First, the interworking requirement. Algeria’s 5G networks must interwork with existing 2G, 3G, and 4G infrastructure for years — potentially a decade or more. SS7 signaling will continue flowing through the network, and 5G subscribers will regularly fall back to older network generations outside 5G coverage areas. Every fallback is a potential exposure.
Second, the roaming architecture. Algeria’s three operators maintain roaming agreements with carriers across Africa, Europe, and the Middle East. SS7 signaling remains the lingua franca of international roaming. Until the global telecom industry collectively migrates away from SS7 — which no credible timeline predicts before 2035 — Algeria’s networks remain exposed through their roaming interconnects.
Third, the SMS dependency. Despite the rise of IP-based messaging, SMS remains the primary channel for one-time passwords, banking notifications, and government service verifications in Algeria. Algerie Poste’s BaridiMob, the country’s most widely used mobile financial service, relies on SMS OTP codes for transaction confirmations — including the newly launched Baridi Pay QR code payment service. Every SMS-based authentication is an SS7 interception opportunity.
New Attack Surfaces: Diameter, SBA, and Network Slicing
5G architecture represents a fundamental departure from previous generations. Where 2G/3G/4G networks were hardware-centric, 5G is software-defined, cloud-native, and service-based. This brings three new categories of risk.
Diameter protocol exploitation. All three Algerian operators are launching 5G in Non-Standalone (NSA) mode, which relies on the Diameter protocol for signaling. P1 Security’s 2025 analysis confirms that Diameter suffers from many of the same fundamental flaws as SS7: spoofing attacks, denial-of-service against Diameter Routing Agents, and information disclosure that can leak subscriber identities and location data. Until operators transition to 5G Standalone architecture, Diameter vulnerabilities are 5G vulnerabilities.
Service-Based Architecture (SBA) risks. 5G Standalone replaces Diameter with an architecture where network functions communicate via HTTP/2 and RESTful APIs. The telecom core essentially becomes a cloud-native microservices platform — exposing it to injection attacks, broken authentication, excessive data exposure, and server-side request forgery. The 3GPP standards define a Security Edge Protection Proxy (SEPP) for inter-operator signaling, but early implementations show inconsistent security postures. Security researchers have demonstrated practical attacks against 5G SBA implementations, including unauthorized access to subscriber data through API manipulation.
Network slicing attacks. Network slicing — creating multiple virtual networks on shared physical infrastructure — is one of 5G’s most commercially valuable capabilities. Algeria’s operators plan differentiated slices for industrial IoT, media streaming, and government communications. But cross-slice attacks remain a documented risk. A 2025 study published in Sensors found that current isolation mechanisms are insufficient, and the NSA and CISA have published joint guidance warning that side-channel attacks, shared resource exploitation, and management plane vulnerabilities can enable cross-slice movement. For Algeria, where the government plans to use 5G slicing for e-governance and critical infrastructure monitoring, this is an operational risk demanding immediate architectural decisions.
Advertisement
54.8 Million Endpoints at Risk
The network is only half the equation. Kaspersky reported that Trojan banker attacks on Android smartphones increased 56% in 2025, with 255,090 new malicious installation packages detected — a 271% surge over 2024. Algeria’s mobile ecosystem is overwhelmingly Android-based, and growing mobile financial services adoption through BaridiMob and CIB payments creates attractive targets for mobile malware campaigns.
The 5G connection is direct: faster speeds mean malware can exfiltrate larger volumes of data more quickly, command-and-control communications become harder to detect amid higher traffic volumes, and the expanded IoT ecosystem creates new lateral movement opportunities.
SIM fraud compounds the risk. SIM swapping — where an attacker convinces or bribes a carrier employee to transfer a victim’s phone number to a new SIM — has become a global epidemic. In Algeria, where mobile numbers are tied to national identity numbers and serve as the authentication backbone for financial services, a successful SIM swap grants access to bank accounts, government services, and private communications simultaneously. 5G introduces eSIM and iSIM capabilities that could reduce SIM fraud through stronger cryptographic binding, but only if operators invest in the infrastructure and updated identity verification procedures.
Lessons from Early 5G Adopters
Algeria is not the first country to confront 5G security. South Korea’s experience offers a stark warning: in April 2025, SK Telecom — the country’s largest carrier — disclosed a data breach that exposed 27 million subscribers’ SIM information. The fallout included a KRW 134.8 billion fine and a mandated KRW 700 billion five-year cybersecurity overhaul, including quarterly vulnerability scans and a restructured CISO reporting line directly to the CEO.
The European Union adopted the EU 5G Toolbox in January 2020, establishing a common framework requiring member states to conduct national risk assessments, apply restrictions on high-risk suppliers for critical network functions, and ensure multi-vendor strategies. Germany, France, and Finland have been the most aggressive implementers, with mandatory security audits of 5G core network functions.
Singapore established a 5G Security Test Bed — a collaborative facility involving wireless providers, equipment manufacturers, and cybersecurity experts — conducting continuous penetration testing against live 5G configurations.
For Algeria, these models point in one direction: proactive, structured, and institutionalized 5G security — not reactive patching after the first major incident.
The Regulatory Gap
Algeria’s cybersecurity regulatory framework, anchored by Law 09-04 (2009, amended 2016) and the National Cybersecurity Strategy 2025-2029 adopted by Presidential Decree No. 25-321 in December 2025, provides a general foundation but lacks telecom-specific 5G security mandates.
The ARPCE has authority to impose security requirements on licensees. The 5G license terms reportedly include general security obligations, but the specifics — what standards operators must meet, what incident reporting timelines apply, what penalties exist for non-compliance — have not been made public.
This opacity is a problem. Without enforceable, publicly auditable security requirements, operators may invest in security selectively — protecting high-value enterprise customers while underinvesting in protections for ordinary subscribers.
EY’s Top 10 Risks for Telecommunications 2025 ranked cybersecurity as the single greatest risk facing the global telecom sector, driven by expanding attack surfaces and growing AI-powered threats. Algeria’s operators, launching 5G later than many peers, have the advantage of learning from others’ mistakes — but only if the institutional framework compels them to act.
Presidential Decree No. 26-07 of January 2026 mandated dedicated cybersecurity units in every public institution. But as of early 2026, no dedicated telecom-sector CSIRT has been publicly announced, leaving operators to manage 5G security threats independently without centralized threat intelligence sharing.
What Must Happen Now
The window for proactive action is narrow. The architectural decisions being made now — vendor selection, core network design, interworking configurations, slicing implementations — will determine Algeria’s 5G security posture for the next decade.
For ARPCE and the government: Publish binding 5G security requirements aligned with international standards (3GPP TS 33.501, GSMA NESAS/SCAS, EU 5G Toolbox principles). Establish a dedicated telecom CSIRT to coordinate incident response across operators and share threat intelligence. Mandate regular independent security audits of 5G core network functions.
For Mobilis, Djezzy, and Ooredoo: Deploy signaling firewalls at all SS7/Diameter interworking points before expanding beyond pilot provinces. Implement GSMA Signaling Firewall Standards (FS.11 and FS.19). Invest in eSIM/iSIM infrastructure for SIM fraud reduction. Build telecom-specific SOC capabilities with 5G network function monitoring.
For enterprises and government agencies: Demand contractual security SLAs from operators for network slices used in sensitive applications. Migrate away from SMS-based authentication to app-based authenticators or FIDO2 hardware keys. Conduct independent risk assessments before deploying 5G for critical operations.
Algeria’s $492 million 5G investment buys spectrum and opportunity. Safety requires a different kind of investment — in institutions, standards, skills, and sustained vigilance — that must begin now.
Frequently Asked Questions
How does 5G change the cybersecurity threat landscape compared to 4G?
5G introduces a software-defined, cloud-native architecture where core network functions communicate via HTTP/2 APIs — the same technology stack as internet applications. This means 5G networks face web-application-class vulnerabilities (API abuse, injection, broken authentication) in addition to traditional telecom signaling attacks. Network slicing adds cross-slice attack opportunities. The attack surface is quantitatively larger and qualitatively different from anything Algeria’s telecom sector has managed.
Are SS7 vulnerabilities actively exploitable in Algeria?
Yes. SS7 vulnerabilities are exploited worldwide, and Algeria’s networks are not exempt. Access to SS7 signaling networks can be purchased for as little as $5,000, enabling SMS interception that threatens BaridiMob transaction codes, real-time location tracking, and call redirection. The key point is that 5G does not eliminate SS7 — the protocols coexist for years during transition, and every 5G subscriber falling back to 3G or 4G is exposed through that fallback connection.
What is the most urgent security action for Algeria’s operators?
Deploying signaling firewalls at all network interworking points — the boundaries where 2G/3G SS7, 4G Diameter, and 5G SBA signaling intersect. These firewalls filter and validate signaling messages, blocking location tracking requests from unauthorized sources, SMS interception attempts, and identity harvesting. The GSMA provides standards (FS.11 for SS7, FS.19 for Diameter) defining exactly what these firewalls must do. South Korea, Japan, and several European operators have deployed them with measurable results.
Sources & Further Reading
- Algeria Awards Three 5G Licences for $492M — Developing Telecoms
- SS7, Diameter, GTP, IMS & 5G Vulnerabilities: Top Mobile Network Security Risks in 2025 — P1 Security
- Trojan Banker Attacks on Smartphones Increased 56% in 2025 — Kaspersky
- 5G Network Slicing: Security Challenges, Attack Vectors, and Mitigation Approaches — Sensors/MDPI (2025)
- Top 10 Risks for Telecommunications in 2025 — EY
- EU 5G Toolbox: Cybersecurity Risk Mitigating Measures — European Commission
- Potential Threats to 5G Network Slicing — NSA/CISA
- SK Telecom Breach Exposes 27M Users — EntropYa
