Positive Technologies, a global telecoms security company, has released its report: 5G signaling networks: blast from the past - which gives an overview of the current state of protection of mobile networks and implications for security of nascent 5G networks. It is the first in a series of four reports on telecom security, which will go on to look at Positive Technologies’ security testing of SS7, Diameter, and GTP networks, includes details of real hacker attacks performed in the wild and what operators can do to protect themselves.
The report looks to tackle the misconception that 5G will not be affected by existing security vulnerabilities in mobile networks. To do so it covers key questions where there is clear confusion in the industry, such as: How can vulnerabilities in the telecom protocols SS7 and Diameter affect 5G and the IoT? Will the current protocols remain relevant in the years ahead? Who can potentially fall victim to attacks against 5G networks?
“We at Positive Technologies are determined to highlight the remaining risks inherent in the fact that 5G networks interwork with other mobile networks,” said Dmitry Kurbatov, CTO of Positive Technologies. ”Because of this reliance on legacy infrastructure, hackers can perform cross-protocol attacks by exploiting vulnerabilities in multiple protocols as part of a single attack. For example, an attack on a 5G network can begin with exploitation of vulnerabilities in 3G to obtain subscriber identifiers. That is why protecting previous generations of networks is essential for 5G security.”
Additional threats in 5G networks
The report also looks at new threats from 5G. As well as inherited risks through legacy networks, additional threats are coming to the forefront. For example, with the rise of 5G, the main consumers of communication services are no longer people, but Internet of Things devices. IoT adoption has taken off following the deployment of 5G networks in a number of countries, but without securing the underlying telecommunication technologies, smart IoT systems also cannot be kept safe.
“The biggest security threat to IoT devices is denial of service,” explained Kurbatov. “The results of our real-world testing are alarming: across all networks, whether 2G, 3G, 4G, or even 5G, attackers can deprive subscribers of service. Smart home components or industrial equipment could be made unavailable at a critical moment. As 5G mobile technologies and IoT devices evolve, so does the threat landscape. Now even connected cars or smart city systems could be targeted by hackers.”
Positive Technologies has pioneered research into telecoms security. Its researchers help to advise operators on vulnerabilities in their networks, threats they could be facing, and challenges from emerging telecom technologies such as 5G and the IoT.
Click here to download the first part of the report, 5G signaling networks: blast from the past.