All mobile networks vulnerable to DoS, impersonation and fraud attacks

Source: TechRadar
As a result of security vulnerabilities in the GTP protocol, all mobile networks are vulnerable to denial of service (DoS), impersonation and fraud attacks based on new research from Positive Technologies.
The firm's new Vulnerabilities in LTE and 5G networks 2020 report highlights the cybersecurity risks to networks that utilize the GTP protocol which is used to transmit user data and control traffic on 2G, 3G and 4G networks. However, non-standalone 5G networks are also vulnerable.
Tests conducted by Positive Technologies' experts show that network equipment used in these networks are vulnerable to DoS attacks. DoS attacks against network equipment are far worse than those targeting specific users as a large number of people could lose connectivity following a successful attack. These attacks could be especially dangerous for 5G networks as IoT devices including industrial equipment, smart homes and even city infrastructure will also be affected.
- 5G to hit one billion connections by 2022
- Companies embracing IoT despite security risks
- Almost all mobile apps vulnerable to malware
GTP protocol
Through the GTP protocol, networks were also vulnerable to impersonation attacks where a cybercriminal assumes the identity of a subscriber to get authorized access to online services in order to bypass two factor authentication. At the same time though, fraudsters can also launch these attacks to perform mobile traffic drain for fake roamers and make a network operator pay for it.
Faults in the GTP protocol directly impact most 5G networks because they are non-standalone and deployed on the EPC core network meaning they have the same vulnerabilities. The GTP protocol will also be used in standalone 5G architecture, so even when new networks are developed, security will remain a key issue.
Positive Technologies' CTO Dmitry Kurbatov provided further insight on the report's findings in a press release, saying:
“Every network tested was found to be vulnerable to DoS, impersonation and fraud. In practice, this means that attackers could interfere with network equipment and leave an entire city without communications, defraud operators and customers, impersonate users to access various resources, and make operators pay for non-existent roaming services. Moreover, the risk level is very high: some of these attacks can be performed using just a mobile phone.”
As a result of security vulnerabilities in the GTP protocol, all mobile networks are vulnerable to denial of service (DoS), impersonation and fraud attacks based on new research from Positive Technologies.
The firm's new Vulnerabilities in LTE and 5G networks 2020 report highlights the cybersecurity risks to networks that utilize the GTP protocol which is used to transmit user data and control traffic on 2G, 3G and 4G networks. However, non-standalone 5G networks are also vulnerable.
Tests conducted by Positive Technologies' experts show that network equipment used in these networks are vulnerable to DoS attacks. DoS attacks against network equipment are far worse than those targeting specific users as a large number of people could lose connectivity following a successful attack. These attacks could be especially dangerous for 5G networks as IoT devices including industrial equipment, smart homes and even city infrastructure will also be affected.
- 5G to hit one billion connections by 2022
- Companies embracing IoT despite security risks
- Almost all mobile apps vulnerable to malware
GTP protocol
Through the GTP protocol, networks were also vulnerable to impersonation attacks where a cybercriminal assumes the identity of a subscriber to get authorized access to online services in order to bypass two factor authentication. At the same time though, fraudsters can also launch these attacks to perform mobile traffic drain for fake roamers and make a network operator pay for it.
Faults in the GTP protocol directly impact most 5G networks because they are non-standalone and deployed on the EPC core network meaning they have the same vulnerabilities. The GTP protocol will also be used in standalone 5G architecture, so even when new networks are developed, security will remain a key issue.
Positive Technologies' CTO Dmitry Kurbatov provided further insight on the report's findings in a press release, saying:
“Every network tested was found to be vulnerable to DoS, impersonation and fraud. In practice, this means that attackers could interfere with network equipment and leave an entire city without communications, defraud operators and customers, impersonate users to access various resources, and make operators pay for non-existent roaming services. Moreover, the risk level is very high: some of these attacks can be performed using just a mobile phone.”
Read more at TechRadar
Latest Gadgets
Dyson V11 Outsize review

Ideal for larger homes, Dyson's flagship vacuum gets super-sized with the Dyson V11 Outsize. ...
iLife A10 Robot Vacuum

The iLife A10 tries to impress, but ineffective cleaning methods makes it hard to recommend. ...
Ninja 3-in-1 Food Processor with Auto-IQ review

A powerful and time-saving appliance for everyday home cooking and baking. ...
Instant Vortex Air Fryer

The Vortex can cook enough to feed a family, and does away with lingering frying smells. ...
Instant Vortex Air Fryer

The Vortex can cook enough to feed a family, and does away with lingering frying smells. ...
Bob Mini Dishwasher review
A tabletop dishwasher that offers style and convenience in a small package. ...