High-impact vulnerabilities in a modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial-of-service (DoS) attacks, newly published research cautions.
The findings are part of a new "Vulnerabilities in LTE and 5G Networks 2020" report published by London-based cybersecurity firm Positive Technologies last week.
“This paper encompasses the results of security assessments performed during the 2018–2019 timeframe on behalf of 28 telecom operators in Europe, Asia, Africa, and South America.”
Called the GPRS Tunnelling Protocol (GTP), the affected Internet Protocol (IP)-based communications standard defines a set of rules governing data traffic over 2G, 3G, and 4G networks.
It also forms the basis for the GPRS core network and its successor, the Evolved Packet Core (EPC), making it possible for users to stay connected to the Internet while moving from one place to another.
“The GTP protocol contains a number of vulnerabilities threatening both mobile operators and their clients,” the company said. “As a result, attackers can interfere with network equipment and leave an entire city without communications, impersonate users to access various resources, and use network services at the expense of the operator or subscribers.”