Original Post from InfoSecurity Magazine
All 4G Networks Susceptible to DoS Attacks
New research has uncovered a vulnerability affecting all 4G and some 5G telecommunications networks.
A study of the security of diameter networks completed by Positive Technologies found that weaknesses in the diameter-signaling protocol meant that 100% of 4G networks are susceptible to denial of service (DoS) attacks.
The diameter-signaling protocol is used to authenticate and authorize messages and information distribution in 4G networks. It is a crucial component in LTE, facilitating translation and communication between Internet protocol network elements.
Researchers found that every attempt they made to infiltrate 28 telecommunications operators across South America, Asia, Europe, and Africa with attacks between 2018 and 2019 was successful.
The findings aren’t just bad news for 4G; the vulnerabilities in the protocol are a problem for any 5G networks built on top of the previous generation of networks, using the same LTE network core. Networks linked in this way could be susceptible to the same threats, such as tracking user location and obtaining sensitive information.
Researchers warned that users of 5G networks that are riddled with weaknesses inherited from their 4G predecessors could see their service downgraded to insecure 3G networks.
Dmitry Kurbatov, CTO at Positive Technologies, said: “A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and centre of any network design. If left unchecked, their 5G networks will not be immune from the same vulnerabilities of previous generation networks.”
Other vulnerabilities detected in the diameter protocol allow external actors to track subscriber location and obtain a subscriber’s sensitive information. This information could later be used to intercept voice calls, bypassing restrictions on mobile services.
“Gartner predicts 25 billion IoT devices to be connected by 2021. Therefore, a denial of service attack becomes so much bigger than simply a slow internet connection stopping you from posting a picture on Instagram,” said Kurbatov.
“It can cripple cities which are beginning to use IoT devices in various ways from national infrastructure to industry.”
Go to Source