All mobile networks vulnerable to attack via GTP protocol

All mobile networks (2G, 3G, 4G and even non-standalone 5G) are vulnerable to various attacks through the GTP protocol, according to a new report from Positive Technologies.

According to the report, “every tested network” was vulnerable to a DoS attack against network equipment.

Further, the GTP protocol enables impersonation attacks, whereby the criminal assumes the identity of a subscriber, gaining access to various online services, bypassing two-factor authentication and more.

Attacking network equipment differs from attacking an individual in that a far larger number of users will be affected. With 5G on the horizon and IoT set to explode, this could potentially mean downtime for smart homes, industrial equipment and city infrastructure.

“Every network tested was found to be vulnerable to DoS, impersonation and fraud. In practice, this means that attackers could interfere with network equipment and leave an entire city without communications, defraud operators and customers, impersonate users to access various resources, and make operators pay for non-existent roaming services,” said Dmitry Kurbatov, CTO at Positive Technologies.

“Moreover, the risk level is very high: some of these attacks can be performed using just a mobile phone,” he added.

Positive Technologies also believes these vulnerabilities will endure as the world transitions to 5G, as the GTP protocol will “partially remain in standalone 5G architecture”.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.