5g Security Issues
July 11, 2019
Each new generation of mobile standards since 2G has been designed for one and the same goal: boost bandwidth on packet networks, to provide users with faster Internet access. The other changes were mini-mal. The voice codec in 3G changed only slightly. On 4G networks, voice traffic is transmitted over packet data using the IP Multimedia Subsystem (IMS), which many operators have not deployed (so the 4G net-work may not transmit voice at all, instead falling back on 2G/3G to make calls).
SS7 vulnerabilities and attack exposure report, 2018
March 2, 2018
These days it is hard to imagine life without telecommunications. Anyone who uses e-banking, online payment, online shopping, e-government are long used to onetime passwords for transaction confirmation. The security of this authentication method is based merely on restricting access to telecommunication networks. While the internet of things is spreading widely into industrial processes and city infrastructure, failures in the mobile network can paralyze them, causing not only occasional interruptions in smart home or car devices, which dissatisfy the operator's customers, but also more critical consequences, such as traffic collapses or power outages. This report reveals the results of SS7 security analysis. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability. To demonstrate the extend of security problems in modern communication networks, this report shows not only the vulnerabilities that we revealed during SS7 networks security analysis, but also the exploitation of these vulnerabilities as would happen in real life.
Threats to packet core security of 4G network
September 28, 2017
Broad adoption of 4G mobile networks has simplified access to high-speed Internet for billions of users. However, more than smartphones, tablets, and computers are connecting to 4G en masse. The high speeds and minimum latency of LTE networks allow using them for building out the infrastructure of the Internet of Things. Analysts estimate that by 2022, the number of IoT devices connected to mobile networks will increase from 400 million to 1.5 billion. Thus the security of Smart City systems, self-driving connected cars, and other IoT technologies will partially depend on the security of today’s (4G) and tomorrow’s (5G and LTE-M) mobile networks. In 2016, Positive Technologies experts analyzed the security of 4G signaling networks. On all the tested networks, the experts found vulnerabilities caused by fundamental deficiencies in the Evolved Packet Core. The issues detected allow disconnecting one or more subscribers, intercepting Internet traffic and text messages, causing operator equipment malfunction, and carrying out other illegitimate actions. To exploit vulnerabilities in 4G networks, an attacker does not need hard-to-obtain tools or considerable skill.
Next-generation networks, next-level cybersecurity problems
September 18, 2017
In preparation for the brave new world of 5G and IoT, the last few years have seen operators make significant investments in their next-generation networks. However, despite spending billions upgrading from a protocol developed in the 70’s (SS7) to Diameter (4G and 5G), flaws exist that allow an attacker to carry out eavesdropping, tracking, fraud, theft and DoS. This research piece outlines, using examples, how next-generation networks can be abused by an attacker and the steps which can be taken to protect against this.