According to research, highly impactful vulnerabilities in a modern communication protocol that are used by network operators can be exploited by attackers to intercept user data and carry out impersonation, DoS attacks, and fraud.
According to a research paper published by a cybersecurity firm, Positive Technologies has disclosed several vulnerabilities in legacy mobile protocol.
The GTP protocol is used to transmit user and control traffic on 2G, 3G, and 4G networks. The vulnerability can lead to:
- Spoofing, which can be used for fraud
- Disclosure of subscriber information (including location data, used for user tracking)
- Denial-of-Service (DoS) attacks on network equipment, resulting in mass disruption of mobile communication
How the vulnerability can affect new 5G network
Positive Technologies said it performed security audits of 28 mobile operators in Europe, Asia, Africa, and South America. The researchers tested for both 4G and 5G networks at multiple protocols and found that most of the networks were vulnerable to the old GTP attacks.
GTP vulnerabilities can be exploited via the inter-operator IPX network, and in some cases even from a mobile device. The GTP protocol is fundamentally flawed in that it does not check the user’s actual location that leads to half of the attacks.
What operators can do?
Mobile operators will need to deploy a GTP firewall to protect against GTP-based attacks coming in from access networks, roaming partners, IoT, and more to support uninterrupted operations for their networks and subscribers.