All mobile networks (2G, 3G, 4G and even non-standalone 5G) are vulnerable to various attacks through the GTP protocol, according to a new report from Positive Technologies.
According to the report, “every tested network” was vulnerable to a DoS attack against network equipment.
Further, the GTP protocol enables impersonation attacks, whereby the criminal assumes the identity of a subscriber, gaining access to various online services, bypassing two-factor authentication and more.
The difference between attacking network equipment versus an individual is that a far larger number of users will be affected. With 5G on the horizon and IoT set to explode, this could potentially mean downtime for smart homes, industrial equipment and city infrastructure.
“Every network tested was found to be vulnerable to DoS, impersonation and fraud. In practice, this means that attackers could interfere with network equipment and leave an entire city without communications, defraud operators and customers, impersonate users to access various resources, and make operators pay for non-existent roaming services,” said Dmitry Kurbatov, CTO at Positive Technologies commented.
“Moreover, the risk level is very high: some of these attacks can be performed using just a mobile phone," he added.
Positive Technologies also believes these vulnerabilities will endure as the world transitions to 5G, as the GTP protocol will “partially remain in standalone 5G architecture”.