Long-standing vulnerabilities in older wireless broadband standards will continue to dog new 5G networks, despite efforts to improve network security, a new report has claimed.
Researchers with Positive Technologies say that a legacy standard known as GPRS Tunneling Protocol (GTP) is the culprit behind security issues that will leave many of the early 5G networks open to attacks such as spoofing, man-in-the-middle, and denial of service.
Introduced during the earliest upgrades to 2G broadband networks and used through the current 4G standard, GTP allows for data packet transfer between various wireless networks and carriers. For example, if a user is roaming, GTP allows for their calls to be made through a local carrier and handed off to another network.
The idea is to provide an easy way for users to link up with different carriers and move data across multiple networks and countries. GTP is the common link-up these networks and devices use to identify themselves and their data packets.
Unfortunately, the standard also has a number of fundamental security flaws that render it unable to accurately check location and subscriber credentials, meaning an attacker can spoof traffic on a network to hide their number, impersonate users to sign up for premium services, and cause denial of service by attempting to open up multiple data connections at a single access point.
"These vulnerabilities continue to persist because the GTP Protocol hasn't changed significantly from one generation to the next," Positive Technologies telecom security research head Pavel Novikov told The Register.
"In most cases, operators don't have the monitoring solutions in place to know that their network has these problems, so the security implications have flown ..
Support the originator by clicking the read the rest link below.
