Positive Technologies releases report on why old vulnerabilities still impact 5G security
December 18, 2019 — Positive Technologies, a global telecoms security company, has released its report: 5G signaling networks: blast from the past – which gives an overview of the current state of protection of mobile networks and implications for security of nascent 5G networks. It is the first in a series of four reports on telecom security, which will go on to look at Positive Technologies’ security testing of SS7, Diameter, and GTP networks, includes details of real hacker attacks performed in the wild and what operators can do to protect themselves.
The report looks to tackle the misconception that 5G will not be affected by existing security vulnerabilities in mobile networks. To do so it covers key questions where there is clear confusion in the industry, such as: How can vulnerabilities in the telecom protocols SS7 and Diameter affect 5G and the IoT? Will the current protocols remain relevant in the years ahead? Who can potentially fall victim to attacks against 5G networks?
“We at Positive Technologies are determined to highlight the remaining risks inherent in the fact that 5G networks interwork with other mobile networks,” said Dmitry Kurbatov, CTO of Positive Technologies. “Because of this reliance on legacy infrastructure, hackers can perform cross-protocol attacks by exploiting vulnerabilities in multiple protocols as part of a single attack. For example, an attack on a 5G network can begin with exploitation of vulnerabilities in 3G to obtain subscriber identifiers. That is why protecting previous generations of networks is essential for 5G security.”
Additional threats in 5G networks
The report also looks at new threats from 5G. As well as inherited risks through legacy networks, additional threats are coming to the forefront. For example, with the rise of 5G, the main consumers of communication services are no longer people, but Internet of Things devices. IoT adoption has taken off following the deployment of 5G networks in a number of countries, but without securing the underlying telecommunication technologies, smart IoT systems also cannot be kept safe.
“The biggest security threat to IoT devices is denial of service,” explained Kurbatov. “The results of our real-world testing are alarming: across all networks, whether 2G, 3G, 4G, or even 5G, attackers can deprive subscribers of service. Smart home components or industrial equipment could be made unavailable at a critical moment. As 5G mobile technologies and IoT devices evolve, so does the threat landscape. Now even connected cars or smart city systems could be targeted by hackers.”
Positive Technologies has pioneered research into telecoms security. Its researchers help to advise operators on vulnerabilities in their networks, threats they could be facing, and challenges from emerging telecom technologies such as 5G and the IoT.
About
Positive Technologies is a global cybersecurity company. Its flagship Telecom Cybersecurity Suite enables network operators to drive business performance while protecting their subscribers and services. By providing greater visibility into infrastructure vulnerabilities and securing customer services, Positive Technologies helps to strengthen loyalty, drive revenue with value-added security offerings, and protect emerging telecom technologies such as 5G and the IoT. Since 2012, Positive Technologies has continually proven its global leadership, vision, and expertise in telecom security. As a separate business entity based out of Europe, Positive Technologies was rolled out in 2019. Positive Technologies operates globally with offices and staff in the UK, Italy, Czech Republic, Russia, Brazil, and South Korea. The company employs dozens of experts with deep knowledge of cybersecurity and telecom-related specialties, including vulnerability research, reverse engineering, pentesting and social engineering, and forensic analysis.
Gloss