All 4G networks are vulnerable to cyberattack and 5G isn’t immune either
Vulnerabilities in the 'Diameter' signalling protocol, used to authenticate and authorize messages and information distribution in 4G networks, leave them vulnerable to attack.
Researchers at Positive Technologies replicated the actions of threat actors and their attempts to infiltrate mobile networks were 100 percent successful. They also discovered that the biggest threat was denial of service attacks.
This means 5G networks built on top of previous generation networks will also inherit the same threats -- such as tracking user location, obtaining sensitive information and in some cases downgrading users to insecure 3G networks.
This is because the first generation of 5G networks (5G Non-Standalone) is based on the LTE network core, which means that 5G is vulnerable to the same flaws.
"A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and centre of any network design," Dmitry Kurbatov, CTO at Positive Technologies, says. "If left unchecked, their 5G networks will not be immune from the same vulnerabilities of previous generation networks. Implementing security as an afterthought means further down the line, issues will inevitably arise, and operators will be forced to retrofit security, putting strain on their original budget. Trying to fix mistakes on an ad-hoc basis often results in new solutions being poorly integrated into existing network architecture."
Other vulnerabilities in the Diameter protocol mean external actors could track subscriber location and obtain sensitive subscriber information, which could be used to intercept voice calls, bypassing restrictions on mobile services. Today, mobile operators do not have the resources and operator equipment to perform a deep-dive analysis of traffic, which makes it difficult for them to distinguish between fake and legitimate subscribers.
Kurbatov adds, "At the moment operators neglect to cross-reference messages to verify a subscriber's location to be able to filter between fake and legitimate messages. Mobile operators cannot afford to ground operations to a halt and so they need solutions which can block illegitimate messages without impacting network performance or user access to the network. Correct filtering of incoming messages is needed using threat detection systems which can analyse signal traffic in real-time and detect illegitimate activity by external hosts and flag up configuration errors as per GSMA guidelines."
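The cross-referencing of messages against a subscriber's known location can be sketched as follows. This is an added example, not code from Positive Technologies or the report. The record fields, realms, IMSI and one-hour threshold are constructed assumptions standing in for parsed Diameter S6a traffic at the signalling edge.

```python
# Added example: simplified records stand in for parsed S6a Diameter messages.
HOME_REALM = "epc.mnc001.mcc001.3gppnetwork.org"  # constructed (test PLMN 001/01)
HOME_IMSI_PREFIX = "00101"                        # MCC+MNC of the home network
HSS_SIDE = {"IDR", "CLR"}      # requests an HSS sends towards an MME
MIN_TRAVEL_SECONDS = 3600      # assumed plausibility threshold, tune per network


def classify(msg, last_seen):
    """Return (verdict, reason); last_seen maps IMSI -> (realm, ts)."""
    realm, imsi, ts = msg["origin_realm"], msg["imsi"], msg["ts"]
    external = realm != HOME_REALM
    home_sub = imsi.startswith(HOME_IMSI_PREFIX)
    # Only the home HSS may issue HSS-side commands for home subscribers.
    if external and home_sub and msg["cmd"] in HSS_SIDE:
        return "block", "HSS-side command for home subscriber from external realm"
    if msg["cmd"] == "ULR":  # Update-Location-Request: a registration attempt
        prev = last_seen.get(imsi)
        if prev and prev[0] != realm and ts - prev[1] < MIN_TRAVEL_SECONDS:
            return "flag", f"moved {prev[0]} -> {realm} in {ts - prev[1]}s"
        last_seen[imsi] = (realm, ts)  # remember accepted locations only
    return "accept", "consistent with known location"


def run(messages):
    """Classify messages in arrival order, sharing one location table."""
    last_seen = {}
    return [classify(m, last_seen)[0] for m in messages]


FOREIGN = "epc.mnc099.mcc999.3gppnetwork.org"  # constructed external realm
IMSI = "001010000000001"                        # constructed test IMSI
SAMPLE = [  # constructed traffic, timestamps in seconds
    {"cmd": "ULR", "origin_realm": HOME_REALM, "imsi": IMSI, "ts": 0},
    {"cmd": "IDR", "origin_realm": FOREIGN, "imsi": IMSI, "ts": 60},
    {"cmd": "ULR", "origin_realm": FOREIGN, "imsi": IMSI, "ts": 120},
    {"cmd": "ULR", "origin_realm": FOREIGN, "imsi": IMSI, "ts": 7200},
    {"cmd": "CLR", "origin_realm": HOME_REALM, "imsi": IMSI, "ts": 7300},
]

if __name__ == "__main__":
    for m, v in zip(SAMPLE, run(SAMPLE)):
        print(m["cmd"], m["origin_realm"], "->", v)
```

A flagged registration is not stored as the subscriber's location, so a spoofed update cannot make later spoofed messages look consistent.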
The full report is available on the Positive Technologies site.