Diameter vulnerabilities could lead to sudden failure of ATMs, payment terminals, utility meters, car alarms, and video surveillance
According to a report by Positive Technologies, flaws in the Diameter protocol can be used by an attacker to deprive subscribers of the high speeds and superior quality promised by 4G operators. In the case of many 4G-enabled devices—such as pipeline safety sensors and gas leak detectors—lack of connectivity can lead to major financial losses and life-threatening accidents.
Fourth-generation (4G) mobile networks are rapidly becoming a part of daily life. Subscribers trust their operators to provide high signal quality and superior data protection. However, Positive Technologies experts have found a number of vulnerabilities in Diameter, a protocol used for signaling on 4G networks, demonstrating the protocol is as vulnerable to attacks as previous generation networks.
Positive Technologies identified five areas of potential vulnerability; subscriber information disclosure, network information disclosure, subscriber traffic interception, fraud and denial of service.
For example, an attacker can deprive a subscriber of service by switching them to a non-existent network. Vulnerabilities also facilitate mass Denial-of_Service (DoS, DDoS) attacks, which create financial and reputational risks for mobile operators. Thousands of users can be simultaneously disconnected for a long period of time until their device is restarted or transferred into the coverage area of another Mobility Management Entity (MME). One in three 4G networks tested were found to be at risk of telecom fraud, enabling cyber attackers to use mobile services for free and potentially sell access to third parties. Subscriber privacy also remains at risk: all 4G networks tested allow attackers to track subscriber locations.
Dan Tara, Executive Vice President at Positive Technologies, said: "In 2017, we demonstrated the feasibility of user geolocation, denial of service, and other attacks on 4G networks. Our latest research shows telecommunications operators are taking only the smallest steps to deal with Diameter security. The situation with previous-generation networks is even worse: an attacker can force a subscriber's device into 3G mode and carry out further attacks targeting the less secure SS7 protocol, including call eavesdropping and SMS interception, with minimal effort. On 2G and 3G networks, for instance, it was possible to intercept nine out of ten SMS messages.”
The identified flaws go beyond misconfiguration or network equipment vulnerabilities. A number of them involve fundamental issues with the Diameter protocol, which will require operators to deploy special protection solutions. Positive Technologies experts stress the importance of a comprehensive, process-based approach to securing telecom networks.
The findings of this Positive Technologies research report are based on the testing of telecommunications operators across Europe and Asia, the vast majority (80 percent) of which are major telecom companies serving more than 40 million subscribers.
A copy of the full research report can be downloaded here: https://positive-tech.com/research/diameter-2018/