Despite keeping the world constantly connected and even providing a bump in security over their predecessors, 4G networks are still plagued with weaknesses that leave entire mobile networks and future “Smart Cities” open to fraud, content hijacking, DoS attacks on subscribers or on the operator's equipment, and other attacks.
Positive Technologies researchers analysed the security of 4G signaling networks and found vulnerabilities caused by fundamental deficiencies in the Evolved Packet Core that could allow the disconnection of one or more subscribers, the interception of Internet traffic and text messages, operator equipment malfunction, and other illegitimate actions, according to a recent report.
An attacker could also intercept a user's mobile station ISDN number (MSISDN) and international mobile subscriber identity (IMSI), discover the subscriber's location, and then perform man-in-the-middle attacks, gain access to unencrypted mail, browsing history and text messages, and even eavesdrop on VoLTE calls via packet interception.
Researchers developed exploitation techniques based on flaws in the GTP protocol that don't require an attacker to have much skill and can be carried out with a free software installer for penetration tests and basic programming skills.
The majority of these attacks are made possible by how roaming is implemented and by deficiencies in inter-operator interaction via the GRX network (GPRS Roaming Exchange). In one of the attacks, researchers were able to use a brute force attack to breach a network perimeter.
The vulnerabilities may be the cost of consumer convenience, researchers suggested. The lax or absent protection mechanisms behind the vulnerabilities were the result of deliberate choices made by industry to shortchange security in favor of reducing network delays and increasing data processing speeds, according to the report.
“Any changes to the quantity or quality of equipment affect network configuration, and therefore can degrade network security,” the report said. “Keeping security settings up to date requires special tools for monitoring, analysing, and filtering messages that cross network boundaries.”
Because the implementation of any security measures is a network-by-network task, it's the responsibility of individual mobile operators and the contractors maintaining networks on their behalf to ensure that networks are secure.
This could pose a threat when additional factors such as government are added to the equation, as in the case of smart cities whose traffic lights are networked together using 4G technology.
"If such a network is hacked and denial of service hits just a few traffic lights, for example, this may lead to road accidents and traffic at a standstill," Positive Technologies head of research group for telecom security Pavel Novikov said in a press release. "That is why mobile operators involved in city automation should pay particular attention to methods of preventing network threats."
Researchers recommend that networks analyse the security of the mobile network and apply measures to protect data from unauthorised access, using tools such as encryption and special instruments for monitoring, analysing, and filtering messages that cross network boundaries.