Long-standing vulnerabilities in older wireless broadband standards will continue to dog new 5G networks, despite efforts to improve network security, a new report has claimed.
Researchers with Positive Technologies say that a legacy standard known as GPRS Tunneling Protocol (GTP) is the culprit behind security issues that will leave many of the early 5G networks open to attacks such as spoofing, man-in-the-middle, and denial of service.
Introduced during the earliest upgrades to 2G broadband networks and used through the current 4G standard, GTP allows for data packet transfer between various wireless networks and carriers. For example, if a user is roaming, GTP allows for their calls to be made through a local carrier and handed off to another network.
The idea is to provide an easy way for users to link up with different carriers and move data across multiple networks and countries. GTP is the common link-up these networks and devices use to identify themselves and their data packets.
Unfortunately, the standard also has a number of fundamental security flaws that render it unable to accurately check location and subscriber credentials, meaning an attacker can spoof traffic on a network to hide their number, impersonate users to sign up for premium services, and cause denial of service by attempting to open up multiple data connections at a single access point.
"These vulnerabilities continue to persist because the GTP Protocol hasn't changed significantly from one generation to the next," Positive Technologies telecom security research head Pavel Novikov told The Register.
"In most cases, operators don't have the monitoring solutions in place to know that their network has these problems, so the security implications have flown under the radar."
Many of these flaws are supposed to be addressed in 5G broadband networks, where new protocols will replace GTP for many uses and more secure transmission will be in place, preventing attackers from spoofing or intercepting data packet transmissions.
At least, that is what would ideally happen. Mobile networks being what they are, the transition to 5G will be incremental and, in the meantime, that means backwards compatibility is needed with 4G and earlier standards, where GTP transmission remains highly vulnerable.
In short, 5G security protections only work when 5G is running alone, and we're not likely to get standalone 5G for several years. In the meantime, researchers say, there isn't much end users and admins can do – this is an issue that the carriers themselves will need to address within their networks.
To that end, the Positive Technologies crew said that mobile carriers would be well advised to take a closer look at how they handle roaming network traffic and to use methods such as IP filtering to limit connections to known, trusted network carriers.
"Most of the issues with GTP protocol relate to roaming networks because operators use a 'friendly' model – which assumes all of the users accessing their networks as legitimate and authorised and that attackers will not appear in their network," Novikov explained.
"The most effective action which can be taken is to ensure they realise this isn't the case and change their approach, putting security protocols in place on their 5G roaming networks when migration occurs." ®
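The IP filtering the researchers recommend can be pictured with the following Python example, which is added here and is not code from Positive Technologies or from the article. It screens GTPv2-C control messages against a peer allowlist and, going slightly beyond the text, also counts Create Session Requests per peer, since the report describes denial of service through many connection attempts. The peer ranges (documentation prefixes), the threshold and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct
from collections import Counter

CREATE_SESSION_REQUEST = 32  # GTPv2-C message type
# Constructed allowlist: documentation ranges standing in for roaming partners' GTP peers.
TRUSTED_PEERS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.16/29")]
MAX_CREATES_PER_PEER = 2     # hypothetical per-window threshold, kept tiny for the demo

def parse_gtpv2_header(payload: bytes):
    """Return (message_type, teid_or_None, sequence); raise ValueError if malformed."""
    if len(payload) < 8:
        raise ValueError("shorter than the minimum GTPv2-C header")
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    if flags >> 5 != 2:
        raise ValueError("not GTP version 2")
    has_teid = bool(flags & 0x08)              # T flag: TEID field present
    if len(payload) < (12 if has_teid else 8) or length + 4 > len(payload):
        raise ValueError("truncated message")  # length excludes the first 4 octets
    teid = struct.unpack("!I", payload[4:8])[0] if has_teid else None
    seq_off = 8 if has_teid else 4
    return msg_type, teid, int.from_bytes(payload[seq_off:seq_off + 3], "big")

def screen(packets):
    """Decide on each (source_ip, payload) pair seen within one time window."""
    creates, decisions = Counter(), []
    for src_ip, payload in packets:
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in net for net in TRUSTED_PEERS):
            decisions.append("drop-untrusted-peer")  # not a known roaming partner
            continue
        try:
            msg_type, _teid, _seq = parse_gtpv2_header(payload)
        except ValueError:
            decisions.append("drop-malformed")
            continue
        if msg_type == CREATE_SESSION_REQUEST:
            creates[src_ip] += 1
            if creates[src_ip] > MAX_CREATES_PER_PEER:
                decisions.append("alert-create-session-burst")
                continue
        decisions.append("accept")
    return decisions

def build_create_session(seq: int) -> bytes:
    """Constructed sample: header-only Create Session Request with TEID 0."""
    header = struct.pack("!BBHI", 0x48, CREATE_SESSION_REQUEST, 8, 0)
    return header + seq.to_bytes(3, "big") + b"\x00"
```

In a real deployment this decision would sit on the roaming edge in front of UDP port 2123, with the allowlist drawn from the operator's roaming agreements.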