A report has revealed that all 4G networks are susceptible to denial of service (DoS) attacks.
Research centered around the Diameter signalling protocol by Positive Technologies revealed that weaknesses within the protocol means that threat actors could launch DoS attacks on all 4G networks.
The Diameter signalling protocol “is used to authenticate and authorise messages and information distribution in 4G networks,” explained Positive Technologies. It is a core component in LTE which enables communication and translation between Internet protocol network elements.
Researchers attempted to infiltrate the networks of 28 telecommunications operators across Europe, Asia, Africa and South American between 2018 and 2019, to which all attempts were successful.
Different forms of attacks were explored including fraudulent usage, DoS, SMS interception, to which DoS was the easiest form of cyber attack.
The vulnerabilities are also an issue to any 5G networks built on top of previous generation networks, thus making them susceptible to the same threats, such as obtaining sensitive information, downgrading users to insecure 3G networks and tracking user location.
Other vulnerabilities in the Diameter protocol could allow threat actors to track subscriber location and obtain their personal sensitive information which could be used to bypass restrictions on mobile services or even intercept voice calls.
Dmitry Kurbatov, CTO at Positive Technologies, said: “A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and centre of any network design. If left unchecked, their 5G networks will not be immune from the same vulnerabilities of previous generation networks.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.