Will 5G Networks Inherit Vulnerabilities in 4G Networks?Researchers Warn Fixes Needed to Protect Emerging Networks
If vulnerabilities in 4G cellular networks that can expose them to denial-of-service and other attacks are not addressed, emerging 5G networks could inherit these same issues, the security firm Positive Technologies reports.
The firm's new research report, which looked at the security 4G LTE networks in Europe, Asia, Africa and South America in 2018 and 2019, found weaknesses in the diameter-signaling protocol, which can leave these networks open to DoS attacks as well as other cyberthreats.
The diameter-signaling protocol is used to authenticate and authorize messages and information distribution in 4G networks. It enables communication among internet network elements, which then allows components, such as servers and software, to communicate with the core of 4G LTE networks, the report notes.
As part of their project, researchers simulated attacks on these networks that targeted the diameter-signaling protocol. In every instance, the attacks proved successful, with DoS attacks posing the most significant threat, the report notes.
"In the last two years, there has been no improvement in the industry in terms of strengthening security measures in the diameter protocol, which is very concerning," Dmitry Kurbatov, CTO of Positive Technologies, tells Information Security Media Group. "As the world becomes more interconnected, the threat landscape expands, and so the consequences become even more dangerous."
The researchers also found that the these vulnerabilities could allow attackers to track users' location data and obtain sensitive subscriber information, which could be used to intercept voice calls through bypassing restrictions on mobile services.
The Positive Technologies report finds that because many first-generation 5G networks are being built on top of the core of 4G LTE networks, the vulnerabilities in the diameter-signaling protocol will remain - which means that many of the same security problems will persist.
"5G networks currently have non-standalone architecture, which is based on the 4G core network," Kurbatov says. "Therefore, subscribers who count on the advantages of 5G, including improved security, are still susceptible to the threats associated with 4G networks."
Telecommunication companies need to address these and other 5G security concerns while the next generation of networks are still in the earliest stages of development, Kurbatov says, or the costs of fixing vulnerabilities will increase.
"Attempts to implement security as an afterthought at later stages may cost much more - operators will likely need to purchase additional equipment, at best," Kurbatov says. "At worst, operators may be stuck with long-term security vulnerabilities that cannot be fixed later."
Kurbatov also recommends that telecoms do more to monitor signaling traffic and analyze it as it moves across the network. "Operators need to employ special threat detection systems that can analyze signal traffic in real time and detect illegitimate activity by external hosts," he says.
The Positive Technologies report also finds that the security vulnerabilities within 4G and 5G networks mean that internet of things devices are more susceptible to attack.
Because many IoT devices use either 4G or 5G networks to transmit data and connect to corporate networks, an increase in DoS attacks could disrupt large portions of the internet, according to the report.
"A denial-of-service attack becomes so much bigger than simply a slow internet connection stopping you from posting a picture on Instagram," Kurbatov says. "It can cripple cities, which are beginning to use IoT devices in various ways from national infrastructure to industry."
5G Security Concerns
In October 2019, the European Commission and the European Agency for Cybersecurity issued a report that found nation-state hackers were the biggest threat to 5G networks in Europe (see: Nation-State Hackers Greatest Threat to 5G Networks: Report).
Earlier this month, the White House released its national strategy for securing 5G networks, which includes plans for a domestic rollout, assessing and managing the risk associated with the technology and promoting secure worldwide deployment of the technology.