'Long-standing vulns' in 5G protocols open the door for attacks on smartphone users

Plus: EU agrees that security could be better and calls for bigger role for itself


Some 5G networks are at risk of attack thanks to "long-standing vulnerabilities" in core protocols, according to infosec researchers at Positive Technologies.

"The stack of technologies in 5G potentially leaves the door open to attacks on subscribers and the operator's network. Such attacks can be performed from the international roaming network, the operator's network, or partner networks that provide access to services," the biz said.

It claimed that the HTTP/2 protocol, used for carrying out vital network functions including the registering and storing of user profiles, contained vulnerabilities that could let malicious sorts carry out denial-of-service attacks and the like against mobile phone users.

“So the big question right now for all of the telecoms, for security teams [and] for security researchers is how it will look like and what will be the security situation with 5G after the transition [from 4G LTE networks] is over?” said Positive CTO Dmitry Kurbatov told us, later demonstrating the MITM attack with a demo of an exploit that relied on the packet forwarding control protocol (PFCP).

In a statement about its report, Positive singled out the PFCP, which is used to make subscriber connections, saying it "has several potential vulnerabilities such as denial of service, cutting subscriber access to the internet and redirecting traffic to an attacker, allowing them to downlink the data of a subscriber."

It also highlighted the HTTP/2 protocol, which it said contained vulns that could allow malicious people to "impersonate any network service" – damaging telco customers' trust in the network – as well as deleting vital network function profiles, the uses of which are explained in depth here.

We also think 5G security could be better, says EU

Separately, the EU cybersecurity agency ENISA published a highly technical report this week into 5G security, setting out what it sees as important vulnerabilities to be fixed in the technologies underpinning 5G networks, both at the radio access and core layers.

ENISA exec director Juhan Lepassaar said in a canned statement: "By providing regular threat assessments, the EU Agency for Cybersecurity materialises its support to the EU cybersecurity ecosystem. This work is part of our continuous contribution to securing 5G, a key infrastructure for the years to come."

Perhaps unsurprisingly, ENISA also concluded that it needs a greater role in 5G security efforts across the 27-member political bloc, stating: "It is essential that the EU continues to facilitate the definition of common security standards across 5G Networks and its use cases by supporting further cooperation and information sharing among Member States." ®


Biting the hand that feeds IT © 1998–2021