All 4G networks across the world, and now also some 5G networks, contain a security flaw that allows all of them to be susceptible to Denial of Service (DoS) attacks.
A study called ‘Security Assessment of Diameter Networks 2020’ by cybersecurity company Positive Technologies shows that the Diameter signalling protocol, used to authenticate and authorise messages and information distribution in 4G networks, has vulnerabilities that leave it open to DoS attacks.
100% of current 4G networks run on the protocol, and 5G networks built on top of the previous generation’s network will also suffer with the same issues, leaving them open to user locations being tracked and sensitive information being obtained.
Dmitry Kurbatov, CTO at Positive Technologies, commented: “A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and centre of any network design.
“If left unchecked, their 5G networks will not be immune from the same vulnerabilities of previous generation networks.”
According to the research, in all of the 28 telecommunications operators across Europe, Asia, Africa, and South America between 2018 and 2019 that were tested, every attempt made to infiltrate them using DoS was successful.
“Gartner predicts 25 billion IoT devices to be connected by 2021. Therefore, a denial of service attack becomes so much bigger than simply a slow internet connection stopping you from posting a picture on Instagram,” said Kurbatov.
“It can cripple cities which are beginning to use IoT devices in various ways from national infrastructure to industry.”
- World Health Organisation Suffers Hacking Attempt on its Systems
- Cybercriminals Target More Than 1,000 Students Per Day
- Printing Company Doxzoo Leaks Military Documents in Security Breach
A quote from the study commented on the impact that these vulnerabilities could have at this uncertain time: “The role of telecommunications is especially important today, at a time when COVID-19 has led to mandated isolation and quarantine in many countries. Remote work requires high-quality communication in order to work with colleagues, customers and clients, not to mention the demand for entertainment services as a pastime.
“Malicious actors may take advantage of the massive transition to remote work to compromise resources and steal data. Network traffic interception is a major risk and can be undertaken using a range of techniques – from rouge BTS to Diameter exploitation – where hackers will try to extract user credentials.
“This situation – where people are more reliant on the networks than ever before – demonstrates how crucial strong cybersecurity is for all mobile operators.”