4G networks vulnerable to denial of service attacks, subscriber tracking

Don’t think you’re protected on upcoming 5G networks, either.
Written by Charlie Osborne, Contributing Writer

Every 4G network is susceptible to a form of denial-of-service (DoS) attack, researchers say. 

We are in the early stages of a rollout of 5G, the next-generation wireless technology that will replace 4G, offering improved speeds and latency in the process. However, on occasion, security problems in these protocols rear their heads -- and Positive Technologies (PT)'s latest Diameter networks' report reveals a serious issue in 4G networking. 

The report was published on Tuesday and centers around the industry-standard Diameter signaling protocol, a core component in LTE that facilitates communication and translation between Internet protocol network elements. In 4G, the Diameter signaling protocol is used to authenticate and authorize messages.

See also: This cryptocurrency miner uses unique, stealthy tactics to hide from prying eyes

According to the report, which examined the networks of 28 telecommunications operators across Europe, Asia, Africa, and South America between 2018 and 2019, every attempt made to infiltrate these networks -- in some form -- was a success. 

PT researchers explored different forms of attack, including ways to bypass restrictions implemented by operators to allow free, fraudulent usage; SMS interception, and denial of service. 

DoS was the easiest form of cyberattack, caused by architectural flaws in the Diameter protocol. Many networks do not check a subscriber's actual location through GSMA signaling or verify the origin network of signaling messages for a subscriber, issues that the researchers say allows attackers to modify source addresses and perform DoS attacks. 


The researchers say that successful methods to conduct DoS against 4G networks rose from 38% in 2018 to 41% in 2019. Test attacks resulted in connection drops or significantly slower connections -- in the range of 3G.

CNET: Coronavirus timeline: How the disease spread across the globe

Other possible avenues of attack resulted in subscriber location tracking and the ability to steal subscriber information. Locations could be tracked in 89% of cases by impersonating roaming partners to send signaling messages requesting the location of a subscriber. Subscriber data -- such as phone numbers, mobile device status, and access point configurations -- could be stolen in 81% of cases when user locations were not verified when receiving signaling traffic requests.

In addition, the researchers say that when 5G networks are built upon existing architecture and the protocol, these security weaknesses will continue to exist. 

 "A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and center of any network design," says Dmitry Kurbatov, CTO at Positive Technologies. "Trying to fix mistakes on an ad-hoc basis, often results in new solutions being poorly integrated into the existing network architecture."

TechRepublic: 2020 tech conferences: Dates, locations, and which events are changing due to COVID-19

In related news over the past week, researchers discovered that three botnet operators have been secretly exploiting three zero-day vulnerabilities in DVRs for over six months. The digital video recorders are used to support and host video feeds from CCTV and IP camera systems.

10 worst hacks and data breaches of 2019 (in pictures)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards