The networks we use on a daily basis are vulnerable to various types of attacks. Although 4G, and especially 5G, were designed to correct most of the flaws of the previous standards, these newer technologies also have flaws of their own. Now a new one, disclosed by cybersecurity company Positive Technologies, allows spying on users.
The company's report, "Vulnerabilities in LTE and 5G Networks 2020", details the results of security analyses carried out in 2018 and 2019 on the networks of 28 operators in Europe, Asia, Africa and Latin America. In the analysis, the researchers discovered flaws in the GPRS Tunneling Protocol (GTP).
GTP Security Flaw: They Can Hack 4G and 5G
GTP is an IP-based communications standard that defines rules for managing traffic on 2G, 3G and 4G networks. It is also part of the GPRS Core Network, as well as its successor, the Evolved Packet Core (EPC), allowing users to remain connected to the Internet as they move from one site to another.
This protocol has various vulnerabilities affecting both mobile operators and their clients. As a consequence, an attacker can interfere with network equipment and leave an entire city without communications. The attacker can also impersonate users and use services under their identity, so that the charges end up on the victims' bills.
The flaw is that the protocol does not check the actual location of the client, making it very difficult to verify if the traffic is legitimate. Additionally, there is another architecture-level flaw that affects the way client credentials are verified, allowing an attacker to spoof the node acting as the Serving GPRS Support Node (SGSN).
5G NSA and SA Also Affected by the Flaw
The flaw not only allows an attacker to impersonate another person's identity; elements of the real user's session, such as their phone number, can also be obtained. With this, the attacker can redirect traffic to impersonate the hacked user.
The attack has been detailed on 4G networks, but since 5G NSA also uses the EPC as its core network, it is vulnerable to these attacks as well. All the networks studied are susceptible to a DoS attack against network equipment, which can prevent users from accessing the Internet. This can be really dangerous in a few years, when there will be a multitude of autonomous devices that depend on the Internet to operate, as well as industrial machinery, smart homes and other elements of the IoT.
To mitigate the vulnerabilities, Positive Technologies recommends that operators filter IP addresses at the GTP level, in addition to following the GSMA's security recommendations to analyze traffic in real time and block any activity suspected of being illegitimate. These measures must be implemented before the mass deployment of 5G SA; otherwise operators run the risk of long-term vulnerabilities that cannot be fixed later, because the GTP protocol will continue to be present in the infrastructure.
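The sketch below illustrates the "filter IP addresses at the GTP level" recommendation; it is an added example, not code from the report or from any operator. It parses the GTPv1-C/GTPv2-C header of a datagram arriving on the GTP-C port (UDP 2123), drops anything malformed or from a peer outside an allowlist, and raises an alert when an unknown peer tries to create a session. The allowlist prefixes, function names and sample messages are assumptions constructed for the example.

```python
import ipaddress
import struct

# Constructed allowlist of GTP-C peers; documentation prefixes stand in
# for an operator's real roaming-partner and core-node ranges.
ALLOWED_PEERS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.16/28")]
# Session-creating requests: v1 Create PDP Context (16), v2 Create Session (32).
SESSION_CREATE = {1: 16, 2: 32}

def parse_gtpc(payload: bytes):
    """Return (version, message_type, teid), or None for a malformed header."""
    if len(payload) < 8:
        return None
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    version, teid = flags >> 5, None
    if version == 1 and flags & 0x10:        # PT=1 means GTP, not GTP'
        teid = struct.unpack("!I", payload[4:8])[0]
        declared = 8 + length                # length excludes the 8-byte header
    elif version == 2:
        if flags & 0x08:                     # T flag: TEID field present
            if length < 8:                   # TEID + sequence number + spare
                return None
            teid = struct.unpack("!I", payload[4:8])[0]
        declared = 4 + length                # length excludes the first 4 bytes
    else:
        return None
    # Reject a length field that disagrees with the datagram size.
    return (version, msg_type, teid) if declared == len(payload) else None

def filter_gtpc(src_ip: str, payload: bytes) -> str:
    """Decide what to do with one UDP/2123 datagram from src_ip."""
    hdr = parse_gtpc(payload)
    if hdr is None:
        return "drop:malformed"
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in ALLOWED_PEERS):
        return "allow"
    version, msg_type, _ = hdr
    if msg_type == SESSION_CREATE[version]:
        return "drop+alert:session-create-from-unknown-peer"
    return "drop:unknown-peer"

# Constructed sample messages (headers only, no information elements).
CREATE_SESSION_V2 = struct.pack("!BBHI", 0x48, 32, 8, 0) + b"\x00\x00\x01\x00"
CREATE_PDP_V1 = struct.pack("!BBHI", 0x32, 16, 4, 0) + b"\x00\x01\x00\x00"
ECHO_V2 = struct.pack("!BBH", 0x40, 1, 4) + b"\x00\x00\x02\x00"

if __name__ == "__main__":
    print(filter_gtpc("203.0.113.5", CREATE_PDP_V1))
```

Source-address allowlisting covers only the IP-filtering part of the recommendation; the real-time traffic analysis the GSMA guidance calls for would sit behind a check like this one.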