The report finds that most of today’s 5G networks, just\nlike 4G ones, are vulnerable to the following types of attacks:<\/p>\n\n\n\n
- Disclosure of subscriber information (including TEID and location data)<\/li>
- Spoofing, which can be used for fraud and impersonation attacks<\/li>
- DoS attacks on network equipment, resulting in mass disruption of mobile communication <\/li><\/ul>\n\n\n\n
![\"\"](\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2020\/06\/Dmitry-Kurbatov.jpg\")
Dmitry Kurbatov, CTO at Positive Technologies <\/figcaption><\/figure><\/div>\n\n\n\n Dmitry Kurbatov, CTO at Positive Technologies commented, “Every network tested was found to be vulnerable to DoS, impersonation and fraud. In practice, this means that attackers could interfere with network equipment and leave an entire city without communications, defraud operators and customers, impersonate users to access various resources, and make operators pay for non-existent roaming services. Moreover, the risk level is very high: some of these attacks can be performed using just a mobile phone.”<\/p>\n\n\n\n
Kurbatov continued: “The non-standalone arrangement,\nplanned as temporary, will be the only available option for the next few years\nas 5G core standalone is being established. Therefore, we can say that most of\ntoday’s 5G networks, just like 4G ones, are vulnerable to these types of\nattacks. This makes the security vulnerabilities of the GTP protocol urgent – as\nthe increased use of 5G vastly increases the damage an attack such as a denial\nof service attack could do.<\/p>\n\n\n\n
“Currently, operators are putting very few security measures in place to protect against these vulnerabilities and are also making configuration mistakes that are putting their networks at further risk. We urge operators to read this research and pay more attention to the GTP protocol and follow the recommendations of the GSMA FS.20 GPRS Tunnelling Protocol (GTP) Security, including implementing ongoing monitoring and analysis of signalling traffic to detect potential security threats. With the roll-out of 5G these issues have never been more important – attempts to implement security as an afterthought at later stages may cost much more so security has to be a priority during network design.”<\/p>\n\n\n\n
For more, see Carl Ford’s post from a few years back discussing SS8 or the lack thereof<\/a>.<\/p>\n\n\n\n
See the ONLY 5G, SD-WAN, Contact Center, Tech and Communications companies that matter <\/a>at the <\/strong>ITEXPO<\/strong><\/a> #TECHSUPERSHOW<\/strong>.<\/p>\n\n\n\n
This Event has been called the BEST SHOW in 5 YEARS<\/strong> and the Best TECHNOLOGY EVENT of 2020<\/strong><\/a>.<\/p><\/blockquote>\n\n\n\n
2020 participants included: Amazon, Cisco, Google, IBM, ClearlyIP, Avaya, Vonage, 8\u00d78, Comcast Business, BlueJeans, CoreDial, Dell, Edify, Epygi, FreeSWITCH, Fuze, Grandstream, Granite, Intrado, Frontier Business, Fujitsu, Jenne, West, Konftel, Intelisys, Martello, NetSapiens, OOMA, Oracle, OpenVox, Peerless Network, Phone Sentry, Phone.com, Poly, QuestBlue, RingByName, Sangoma, SingTel, SkySwitch, Spracht, Spectrum, Sprint, Tallac, Tech Data, Telarus, TCG, Teledynamics, Teli, Telinta, Telispire, Telstra, TransNexus, Unified Office, Vital PBX, VoIP Supply, Voxbone, VoIP.MS, Windstream, XCALY, XORCOM, Yealink, Yubox, and ZYCOO. Full List.<\/strong><\/a><\/p>\n\n\n\n
Join 8K others with $25B+ in IT buying power who plan 2021 budgets! Including 3,500+ resellers!<\/strong><\/p>\n\n\n\n
A unique experience with a collocated\u00a0Future of Work Expo<\/a>,\u00a0SD-WAN Expo<\/a>,\u00a0and\u00a0MSP Expo<\/a>\u2026<\/p>\n\n\n\n