Newly published research warns that the modern communication protocols used by Mobile Network Operators (MNOs) have high-impact vulnerabilities that malicious actors can exploit. Mobile fraud, impersonation, interception of user data and even Denial of Service (DoS) attacks can be carried out through the detected flaws.
The warning is part of a new report, Vulnerabilities in LTE and 5G Networks 2020, published last week by the London-based cyber security firm Positive Technologies. The report covers the results of security evaluations carried out on behalf of 28 telecommunications operators across Europe, Asia, Africa and South America for the period 2018-2019.
The affected Internet Protocol (IP) communications standard, referred to as the GPRS Tunnelling Protocol (GTP), specifies a set of data traffic rules for 2G, 3G and 4G networks. GTP is the foundation for the GPRS core network and its successor, the Evolved Packet Core (EPC), and allows users to maintain connectivity to the Internet while moving from one place to another.
According to the report of Positive Technologies, the GTP Protocol contains a range of vulnerabilities that threaten both mobile operators and their customers. If attackers decide to exploit these vulnerabilities, they may interfere with the network’s equipment and, in this way, leave a city without communications. The crooks may also impersonate users to access various details and resources, and use network services at the expense of the operator or the users.
Mobile network hacking
The main flaw comes from the fact that the protocol does not check the actual location of the subscribers, thus making it hard to verify the legitimacy of the incoming traffic. Another security flaw lies in the method of verification of subscriber credentials which allows bad actors to spoof the node that acts as SGSN (Serving GPRS Support Node).
What is more disturbing, however, is the potential for fraud and impersonation, where the attacker can use a compromised identifier to use mobile Internet at the expense of the user. In this scenario, the malicious actor is able to hijack user session data containing the real subscriber’s identity (e.g. phone numbers) to impersonate that person and use the Internet on their behalf. The report reveals that such attacks can also be used by a dishonest Mobile Network Operator to create roaming traffic, charging the subscribers of another operator for non-existent roaming activity.
In their report, Positive Technologies also say that 5G networks are equally vulnerable to spoofing and disclosure attacks, because they use EPC as the core network for wireless communications. In addition, they found that each tested network is susceptible to denial of service attacks against network equipment, which can prevent valid subscribers from connecting to the Internet and thereby disrupt mobile communications services. The researchers also say that mass loss of communication is particularly dangerous for 5G networks because their subscribers are mainly IoT devices such as industrial equipment, smart homes and municipal facilities.
To address the security issues, Positive Technologies calls upon operators to carry out whitelist-based IP filtering of GTP traffic, to monitor traffic in real time and to take steps to block unauthorized activity. They also call for implementing the GSMA security guidelines.
The report concludes that security must be a priority during network design more than ever before, as operators are now starting to actively build 5G networks. It also highlights that operators may end up with long-term vulnerabilities that cannot be fixed if attempts to implement security measures don’t start now.
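One way to implement the whitelist-based filtering recommended above, as an added example that is not taken from the report or from Positive Technologies: a Python check that parses the GTP-C header and flags session-creating requests from peers outside an allowlist. The peer ranges, function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Assumed allowlist of own and roaming-partner GTP nodes (constructed documentation ranges).
ALLOWED_PEERS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.16/29")]

# Session-creating GTP-C messages, keyed by (version, message type).
SESSION_CREATE = {(1, 16): "Create PDP Context Request", (2, 32): "Create Session Request"}

def parse_gtpc(payload: bytes):
    """Return (version, message_type, teid) for a GTP-C UDP payload, or None if malformed."""
    if len(payload) < 8:
        return None
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    version = flags >> 5
    if version == 1:
        # GTPv1: PT bit must be 1 (GTP, not GTP'); length excludes the 8-octet header.
        if not flags & 0x10 or length != len(payload) - 8:
            return None
        teid = struct.unpack("!I", payload[4:8])[0]
    elif version == 2:
        # GTPv2: length excludes the first 4 octets; TEID is present only if T is set.
        if length != len(payload) - 4:
            return None
        teid = struct.unpack("!I", payload[4:8])[0] if flags & 0x08 else None
    else:
        return None
    return version, msg_type, teid

def check_packet(src_ip: str, payload: bytes) -> str:
    """Classify one packet seen on UDP 2123 by header validity and source peer."""
    hdr = parse_gtpc(payload)
    if hdr is None:
        return "drop-malformed"
    if any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_PEERS):
        return "allow"
    # Unknown peer: always dropped; session-creation attempts are also raised as alerts.
    return "alert-session-create" if hdr[:2] in SESSION_CREATE else "drop-unknown-peer"

# Constructed header-only samples (no information elements), not captured traffic.
V1_CREATE = struct.pack("!BBHIHBB", 0x32, 16, 4, 0, 1, 0, 0)
V2_CREATE = struct.pack("!BBHI", 0x48, 32, 8, 0) + b"\x00\x00\x01\x00"
V1_ECHO = struct.pack("!BBHIHBB", 0x32, 1, 4, 0, 2, 0, 0)

if __name__ == "__main__":
    for src, pkt in [("192.0.2.5", V1_CREATE), ("203.0.113.9", V1_CREATE),
                     ("203.0.113.9", V2_CREATE), ("203.0.113.9", V1_ECHO)]:
        print(src, check_packet(src, pkt))
```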