New 4G, 5G Network Flaw ‘Worrisome’

Weaknesses in the voice and data convergence technology can be exploited to allow cybercriminals to launch DoS attacks and hijack mobile data.
4G and 5G wireless networks’ Evolved Packet Core (EPC) architecture can be exploited to intercept and collect mobile data as well as launch denial-of-service (DoS) attacks, according to new research.
Positive Technologies recently discovered a key flaw in EPC’s GTPv2 protocol: the special interfaces that EPC uses to exchange information between its components, which are based on GTPv2, lack built-in data encryption mechanisms.
The findings represent the latest in a string of vulnerabilities discovered in 4G networks. Researchers have spotted flaws that can be exploited to make IMSI-catchers more adept at snooping, as well as to allow the Diameter protocol to play a role in launching DoS attacks on 4G and 5G devices.
EPC converges voice and data on the network, a step up from processing voice and data separately. But EPC also has shortcomings, says Dmitry Kurbatov, head of Positive Technologies’ telecommunications security department.
When a user is on a 4G network with his or her mobile phone, the EPC nodes use a number of protocols, including the General Packet Radio Service (GPRS) Tunneling Protocol (GTP). GTP is a group of IP-based communications protocols that carry GPRS traffic within mobile networks. It allows mobile users to remain connected to the Internet when traveling or moving about, Kurbatov explains.
However, DoS attackers using brute force on Tunnel Endpoint Identifiers (TEIDs) can disconnect a number of users at once, because multiple phone connections run through the same GTP tunnel, he adds.
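A defender-side sketch of how TEID guessing could be spotted on a GTPv2-C control interface, added here as an illustration and not taken from the Positive Technologies research: it parses the GTPv2-C header and counts, per peer, the distinct TEIDs addressed that match no active session. The session table, peer addresses, `threshold` value and helper names are assumptions, and the packets are constructed test data.

```python
import struct
from collections import defaultdict

def parse_gtpv2_header(data):
    """Return (message_type, teid_or_None) for a GTPv2-C message, None if malformed."""
    if len(data) < 8:
        return None
    flags, msg_type, length = struct.unpack("!BBH", data[:4])
    if flags >> 5 != 2 or len(data) < 4 + length:
        return None  # wrong version, or truncated (length excludes first 4 octets)
    if not flags & 0x08:
        return msg_type, None  # T flag clear: no TEID field (e.g. Echo Request)
    if len(data) < 12:
        return None
    return msg_type, struct.unpack("!I", data[4:8])[0]

def find_teid_scanners(packets, active_teids, threshold=3):
    """Map each peer to the number of distinct unknown TEIDs it addressed,
    keeping only peers at or above `threshold` (an assumed tuning value)."""
    misses = defaultdict(set)
    for src, raw in packets:
        parsed = parse_gtpv2_header(raw)
        if parsed is None:
            continue
        teid = parsed[1]
        # TEID 0 is legitimate on initial requests, so it is not counted.
        if teid and teid not in active_teids:
            misses[src].add(teid)
    return {src: len(t) for src, t in misses.items() if len(t) >= threshold}

def build_msg(teid, msg_type=34, seq=1):
    """Constructed test data: header-only GTPv2-C message with the T flag set."""
    body = struct.pack("!I", teid) + seq.to_bytes(3, "big") + b"\x00"
    return struct.pack("!BBH", 0x48, msg_type, len(body)) + body

# Constructed sample: session table and traffic seen on the control interface.
ACTIVE_TEIDS = {0x1000A, 0x1000B}
SAMPLE = [("10.0.0.5", build_msg(0x1000A)), ("10.0.0.5", build_msg(0x1000B)),
          ("10.0.0.6", build_msg(0x2222))]              # one stale TEID: not flagged
SAMPLE += [("192.0.2.77", build_msg(t)) for t in range(1, 6)]  # sequential guesses

if __name__ == "__main__":
    print(find_teid_scanners(SAMPLE, ACTIVE_TEIDS))
```

In production the threshold would be applied per time window and the active-TEID set would come from the gateway's own session state.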
“The potential risks are large enough to be worrisome,” says Silke Holtmanns, a security expert at Nokia Bell Labs, who has conducted research on the 4G Diameter protocol.
Attackers looking to exploit these types of vulnerabilities in 4G networks do not need hard-to-obtain tools or considerable skill, says Kurbatov.
“Before 4G LTE, voice-call interception required that attackers have special equipment and in-depth knowledge of all the specific protocols used for voice calls,” explains Kurbatov. “But since 4G networks are built on the principle of an all-IP network, the attacker can use all currently available hacking tools, which are largely automated and do not require a deep understanding of the nature of the attack.”
Other risks include EPC nodes found exposed on the Internet that then can be hacked and, of course, there is always the potential of an insider gaining access to the infrastructure to launch attacks, says Pavel Novikov, head of Positive Technologies’ research group for telecom security.
Security researchers like Andrew Blaich at Lookout say 4G and 5G attackers are likely to be groups with an interest in conducting surveillance on others, such as nation-states, or cybercriminals seeking to commit bank fraud and other crimes.
Risks to Smart Cities, Businesses, and Users
The 4G and 5G EPC attack scenarios largely fall into three categories: interception of data, such as text messages and unencrypted email messages; collection of data, such as the location of the device; and disruption of services, such as DoS attacks.
“Just like with any DoS attack, IoT devices used in the infrastructure of smart cities can be almost permanently disconnected from the network, which means cities lose control over their operation,” says Kurbatov.
Enterprises should assume that when they send something over a 4G or 5G network, it has the potential to be intercepted, says Blaich. As a result, organizations should safeguard their apps, devices, and services with their own security layer, rather than relying on the security of the network.
He also advises enterprises to use apps and services that have the latest version of TLS, or HTTPS, to ensure data cannot be easily decrypted when connected to a website. He adds that man-in-the-middle security technology should be deployed to catch improperly signed certificates that pretend to vouch for bogus services.
“These protections need to be enabled at the device and app layer as well as checks back on the services and server side to ensure proper end-to-end protection for sensitive data,” Blaich advises.
For users, the risk on a 4G or 5G network is similar to other mobile networks as well as on Wi-Fi, warns Blaich. Users need to use apps that transmit data securely using secure transport channels and protocols, rather than relying on SMS/MMS for sensitive information, he adds.
Positive Technologies has not contacted mobile operators regarding its findings in its report, but instead has contacted industry trade groups, such as Groupe Speciale Mobile Association (GSMA), to notify them of its research and potential ways to address the architecture security issues, says Kurbatov. Ultimately, he notes, the responsibility mainly falls on mobile operators to resolve the issue.
Holtmanns holds a similar view. “There are huge differences between operators. Not all networks are equal,” she warns, adding that some operators will push security improvements through, while others do not.