'Long-standing vulns' in 5G protocols open the door for attacks on smartphone users

Plus: EU agrees that security could be better and calls for bigger role for itself


Some 5G networks are at risk of attack thanks to "long-standing vulnerabilities" in core protocols, according to infosec researchers at Positive Technologies.

"The stack of technologies in 5G potentially leaves the door open to attacks on subscribers and the operator's network. Such attacks can be performed from the international roaming network, the operator's network, or partner networks that provide access to services," the biz said.

It claimed that the HTTP/2 protocol, used for carrying out vital network functions including the registering and storing of user profiles, contained vulnerabilities that could let malicious sorts carry out denial-of-service attacks and the like against mobile phone users.

“So the big question right now for all of the telecoms, for security teams [and] for security researchers is how it will look like and what will be the security situation with 5G after the transition [from 4G LTE networks] is over?” Positive CTO Dmitry Kurbatov told us, later demonstrating the MITM attack with a demo of an exploit that relied on the Packet Forwarding Control Protocol (PFCP).

In a statement about its report, Positive singled out the PFCP, which is used to make subscriber connections, saying it "has several potential vulnerabilities such as denial of service, cutting subscriber access to the internet and redirecting traffic to an attacker, allowing them to downlink the data of a subscriber."

It also highlighted the HTTP/2 protocol, which it said contained vulns that could allow malicious people to "impersonate any network service" – damaging telco customers' trust in the network – as well as deleting vital network function profiles, the uses of which are explained in depth here.

We also think 5G security could be better, says EU

Separately, the EU cybersecurity agency ENISA published a highly technical report this week into 5G security, setting out what it sees as important vulnerabilities to be fixed in the technologies underpinning 5G networks, both at the radio access and core layers.

ENISA exec director Juhan Lepassaar said in a canned statement: "By providing regular threat assessments, the EU Agency for Cybersecurity materialises its support to the EU cybersecurity ecosystem. This work is part of our continuous contribution to securing 5G, a key infrastructure for the years to come."

Perhaps unsurprisingly, ENISA also concluded that it needs a greater role in 5G security efforts across the 27-member political bloc, stating: "It is essential that the EU continues to facilitate the definition of common security standards across 5G Networks and its use cases by supporting further cooperation and information sharing among Member States." ®
