4G Networks Vulnerable To Denial Of Service Attacks, Subscriber Tracking

Every 4G network is susceptible to a form of denial-of-service (DoS) attack, researchers say. 

We are in the early stages of a rollout of 5G, the next-generation wireless technology that will replace 4G, offering improved speeds and latency in the process. However, on occasion, security problems in these protocols rear their heads -- and Positive Technologies (PT)'s latest Diameter networks' report reveals a serious issue in 4G networking. 

The report was published on Tuesday and centers around the industry-standard Diameter signaling protocol, a core component in LTE that facilitates communication and translation between Internet protocol network elements. In 4G, the Diameter signaling protocol is used to authenticate and authorize messages.

See also: This cryptocurrency miner uses unique, stealthy tactics to hide from prying eyes

According to the report, which examined the networks of 28 telecommunications operators across Europe, Asia, Africa, and South America between 2018 and 2019, every attempt made to infiltrate these networks -- in some form -- was a success. 

PT researchers explored different forms of attack, including ways to bypass restrictions implemented by operators to allow free, fraudulent usage; SMS interception, and denial of service. 

DoS was the easiest form of cyberattack, caused by architectural flaws in the Diameter protocol. Many networks do not check a subscriber's actual location through GSMA signaling or verify the origin network of signaling messages for a subscriber, issues that the researchers say allows attackers to modify source addresses and perform DoS attacks. 

screenshot-2020-03-23-at-15-24-14.png

The researchers say that successful methods to conduct DoS against 4G networks rose from 38% in 2018 to 41% in 2019. Test attacks resulted in connection drops or significantly slower connections -- in the range of 3G.

CNET: Coronavirus timeline: How the disease spread across the globe

Other possible avenues of attack resulted in subscriber location tracking and the ability to steal subscriber information. Locations could be tracked in 89% of cases by impersonating roaming partners to send signaling messages requesting the location of a subscriber. Subscriber data -- such as phone numbers, mobile device status, and access point configurations -- could be stolen in 81% of cases when user locations were not verified when receiving signaling traffic requests.

In addition, the researchers say that when 5G networks are built upon existing architecture and the protocol, these security weaknesses will continue to exist. 

 "A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and center of any network design," says Dmitry Kurbatov, CTO at Positive Technologies. "Trying to fix mistakes on an ad-hoc basis, often results in new solutions being poorly integrated into the existing network architecture."

TechRepublic: 2020 tech conferences: Dates, locations, and which events are changing due to COVID-19

In related news over the past week, researchers discovered that three botnet operators have been secretly exploiting three zero-day vulnerabilities in DVRs for over six months. The digital video recorders are used to support and host video feeds from CCTV and IP camera systems.

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


RECENT NEWS

Reassessing AI Investments: What The Correction In US Megacap Tech Stocks Signals

The recent correction in US megacap tech stocks, including giants like Nvidia, Tesla, Meta, and Alphabet, has sent rippl... Read more

AI Hype Meets Reality: Assessing The Impact Of Stock Declines On Future Tech Investments

Recent declines in the stock prices of major tech companies such as Nvidia, Tesla, Meta, and Alphabet have highlighted a... Read more

Technology Sector Fuels U.S. Economic Growth In Q2

The technology sector played a pivotal role in accelerating America's economic growth in the second quarter of 2024.The ... Read more

Tech Start-Ups Advised To Guard Against Foreign Investment Risks

The US National Counterintelligence and Security Center (NCSC) has advised American tech start-ups to be wary of foreign... Read more

Global IT Outage Threatens To Cost Insurers Billions

Largest disruption since 2017’s NotPetya malware attack highlights vulnerabilities.A recent global IT outage has cause... Read more

Global IT Outage Disrupts Airlines, Financial Services, And Media Groups

On Friday morning, a major IT outage caused widespread disruption across various sectors, including airlines, financial ... Read more