Vulnerabilities affect non-standalone 5G networks, putting industrial equipment, smart homes, and city infrastructure at risk
Positive Technologies has published its Vulnerabilities in LTE and 5G networks 2020 report, the fourth in its four-part series on the greatest threats and vulnerabilities in the mobile ecosystem. Based on the findings gathered by Positive Technologies’ experts testing on mobile networks, the report highlights the cyber security risks to networks that originate with the GTP protocol – which is used to transmit user data and control traffic on 2G, 3G, and 4G networks. Non-standalone 5G networks are also vulnerable.
Every tested network was vulnerable to denial of service against network equipment, which would result in legitimate internet users not being able to connect to the internet. Unlike DoS attacks targeted against specific users, denial of service against network equipment means loss of connection for a large number of users and could be especially dangerous for 5G networks because subscribers will also include IoT devices such as industrial equipment, smart homes, and city infrastructure.
Through the GTP protocol, networks were also vulnerable to impersonation attacks, where a criminal assumes the identity of a subscriber to get authorized access to online services and bypass two factor authentication, and fraud, where fraudsters perform mobile traffic drain for fake roamers and make the operator pay for it.