Attempts to infiltrate 4G networks “100% successful”

09 April 2020 | Melanie Mingas

Cover

A series of simulated denial of services (DoS) attacks conducted by researchers at Positive Technologies, saw a 100% success rate when attempting to infiltrate 4G mobile networks, leading for calls to increase security capabilities as global networks shift to 5G.

The findings, publishing in the Security assessment of diameter networks report, stated: “Researchers' attempts to infiltrate mobile networks were 100% successful and they discovered that the biggest threat was denial of service attacks which affects both 4G and 5G users.”

According to Positive Technologies, the Diameter signaling protocol is used to authenticate and authorise messages and information distribution in 4G networks. The vulnerabilities in the protocol means 5G networks built on top of previous generation networks will also inherit the same threats - such as tracking user location, obtaining sensitive information and in some cases downgrading users to insecure 3G networks.

To assess the security of the networks, PT researchers replicated the actions of threat actors. Their attempts to infiltrate mobile networks were 100% successful and they discovered that the biggest threat was denial of service attacks which affects both 4G and 5G users. This is because the first generation of 5G networks (5G Non-Standalone) is based on the LTE network core, which means that 5G is vulnerable to the same flaws.

CTO Dmitry Kurbatov, said: “The industry needs to avoid repeating the mistakes of the past by having security front and centre of any network design. If left unchecked, their 5G networks will not be immune from the same vulnerabilities of previous generation networks. Implementing security as an afterthought means further down the line, issues will inevitably arise, and operators will be forced to retrofit security putting strain on their original budget. Trying to fix mistakes on an ad-hoc basis, often results in new solutions being poorly integrated into existing network architecture,”

The findings are based on studies of the networks of 28 telecom operators across Europe, Asia, Africa and South America, between 2018 – 2019.