The Latest Bitdefender News
Product and Solution Information, Press Releases, Announcements
|GTP Protocol Vulnerabilities Directly Affect 5G Mobile Operators and Users|
|Posted: Tue Jun 16, 2020 09:23:00 AM|
Security researchers have discovered that the GTP protocol contains several vulnerabilities that could affect mobile operators and their clients. The newly minted 5G networks are directly impacted, and the industrial IoT segment will be among the first to feel the effects.
It’s not the first time problems are found within the GTP protocol, which is used to transmit user and control traffic on 2G, 3G, 4G, and 5G networks. In theory, attackers could disable communications for large areas, even cities, deploy DDoS attacks, or impersonate users to access typically restricted resources.
All GTP networks the security researchers tested carried the risk of fraud against the operator or subscribers, which means that a new technology such as 5G could present even bigger challenges, especially since it comes with much higher bandwidth.
“The GTP protocol is fundamentally flawed in that it does not check the user’s actual location, which is behind half of the successful attacks,” said the researchers.
“Any guest network where the subscriber is currently located can send a set of signaling messages to the subscriber’s home network, so it is difficult to determine whether incoming traffic is legitimate. It’s a good idea to check if the subscriber really could be roaming on the network which sent a signaling message, but that would require analyzing the subscriber’s movements,” they continue.
As it stands, all of the already-deployed 5G networks are vulnerable to disclosure of subscriber information, spoofing (fraud and impersonation attacks) and DDoS attacks on network equipment.
The responsibility of security now rests with mobile operators, which need to look at the GTP protocol, ensure filtering at the GTP level, and deploy security solutions.