Vulnerability of Denial-of-Service attack in 4G and 5G networks
Existing 4G and early 5G networks use Diameter signaling protocol, which contains certain security holes that can lead to a range of attacks, says enterprise security provider Positive Technologies.
Mobile operators are racing to upgrade their networks with 5G connectivity while at the same time expanding 4G LTE coverage throughout the world. Though the latest generations of cellular technology offer faster performance and other benefits over their predecessors, they’re vulnerable to some of the same security flaws. A report released Thursday by Positive Technologies explains how and why existing 4G and new 5G networks can be hurt by Denial-of-Service (DOS) attacks in particular.
For its report “Security Assessment of Diameter Networks 2020,” Positive Technologies simulated external attacks against 28 telecom operators in Europe, Asia, Africa, and South America during 2018 and 2019. Specifically, the company looked at 4G and 5G networks using Diameter signaling protocol, a method for coordinating data among different Internet Protocol (IP) network elements.
The Diameter signaling protocol is saddled with certain security flaws that make it vulnerable to a range of attack types. Despite these flaws being public knowledge, the past two years have seen no improvements in the security of Diameter networks, according to Positive Technologies. And the biggest type of threat facing such networks is denial of service. In fact, every network that the company tested was vulnerable to a DOS attack, the report stated.
Specifically, the networks analyzed failed to check the subscriber’s actual location or the origin network of signaling messages for a subscriber. As such, they were unable to distinguish between fake and legitimate traffic, opening the door to DOS attacks.
The flaws in the Diameter signaling protocol and the potential DOS attacks can affect users of both 4G and nascent 5G networks. This is because the first generation of 5G networks, known as 5G Non-Standalone, is based on the LTE network core, which means it inherits all of the security weaknesses of LTE.
“A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and center of any network design,” Dmitry Kurbatov, CTO at Positive Technologies, said in a press release. “If left unchecked, their 5G networks will not be immune from the same vulnerabilities of previous generation networks.”
With Gartner previously forecasting 25 billion Internet of Things devices connected by 2021, a DOS attack has the potential to do massive damage.
“It can cripple cities which are beginning to usedevices in various ways from national infrastructure to industry,” Kurbatov said. “For example, if an alarm system fails to activate during an emergency it can literally be a life-or-death situation.”
For organizations involved in cellular technology, Positive Technologies offers recommendations to help protect 4G and 5G networks from DOS attacks.
Security must be a priority during network design. This is truer now than ever before, as operators begin to tackle construction of 5G networks. Attempts to implement security as an afterthought at later stages may cost much more. At best, operators will likely need to purchase additional equipment. At worst, operators may be stuck with long-term security vulnerabilities that cannot be fixed later.
“Implementing security as an afterthought means further down the line, issues will inevitably arise, and operators will be forced to retrofit security, putting a strain on their original budget,” Kurbatov said. “Trying to fix mistakes on an ad-hoc basis often results in new solutions being poorly integrated into existing network architecture.”
Signaling traffic must be monitored and analyzed as it crosses the network border. This identifies potential threats and configuration errors. Such monitoring is encouraged by GSMA guidelines. To implement this, operators need to employ special threat detection systems that can analyze signal traffic in real time and detect illegitimate activity by external hosts. These solutions block illegitimate messages without impacting network performance or subscriber availability. They can also relay information to other protection systems for maximum effectiveness.
“At the moment, operators neglect to cross-reference messages to verify a subscriber’s location to be able to filter between fake and legitimate messages,” Kurbatov said. “Mobile operators cannot afford to ground operations to a halt and so they need solutions which can block illegitimate messages without impacting network performance or user access to the network. Correct filtering of incoming messages is needed using threat detection systems which can analyze signal traffic in real-time and detect illegitimate activity by external hosts and flag up configuration errors as per GSMA guidelines.”