View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

GTP Protocol Is Creating Serious Vulnerabilities in 4G and 5G Networks

“Currently, operators are putting very few security measures in place to protect against these vulnerabilities"

By CBR Staff Writer

Mobile operators remain highly exposed to vulnerabilities in the GTP protocol, rendering almost every network open to denial of service attacks, impersonations and fraud campaigns.

The GTP protocol is a tunneling protocol defined by the 3GPP standards to carry General Packet Radio Service (GPRS) within 3G/4G networks; security issues with it are widely recognised.

Security firm Positive Technologies said its tests for 28 telecom operators in Europe, Asia, Africa, and South America found that every one was vulnerable, with the attacks in some places able to be carried out merely with a mobile phone; GTP issues also directly impact 5G networks.

One of the main flaws in the GTP protocol is that it does not check a user’s location, an attacker can use this flaw to send malicious traffic which the home network has trouble identifying the legitimacy of; subscriber credentials are also checked on S-GW (SGSN) equipment by default, which can be mimicked by an attacker to steal data, the security firm said in a new report.

The report states that: “The problem is that location tracking must be cross-protocol, which means checking the subscriber’s movements by using SS7 or Diameter. The security tools used on most networks don’t have such capabilities.”

The researchers tested the networks by simulating real-world attacks by sending request to an operator’s network. Using tools such as a PT Telecom Vulnerability Scanner and a PT Telecom Attack Discovery they found that DoS attacks were successful 83 percent of the time.

Dmitry Kurbatov, CTO at Positive Technologies commented that: “Every network tested was found to be vulnerable to DoS, impersonation and fraud. In practice, this means that attackers could interfere with network equipment and leave an entire city without communications, defraud operators and customers, impersonate users to access various resources, and make operators pay for non-existent roaming services. Moreover, the risk level is very high: some of these attacks can be performed using just a mobile phone.”

Content from our partners
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer

GTP Protocol and 5G

Unfortunately 5G networks are deployed on the Evolved Packet Core (EPC) which was also used to establish the 4G Long-Term Evolution network, as such 5G is also vulnerable to same flaws opened up by the GTP protocol.

The use of the EPC network is supposed to be only a temporary measure till 5G’s core standalone networks is established, but until that is in place 5G is vulnerable to the same security risks as all the other networks.

Dmitry Kurbatov states that: “We can say that most of today’s 5G networks, just like 4G ones, are vulnerable to these types of attacks. This makes the security vulnerabilities of the GTP protocol urgent – as the increased use of 5G vastly increases the damage an attack such as a denial of service attack could do.”

“Currently, operators are putting very few security measures in place to protect against these vulnerabilities and are also making configuration mistakes that are putting their networks at further risk.

“We urge operators to read this research and pay more attention to the GTP protocol and follow the recommendations of the GSMA FS.20 GPRS Tunnelling Protocol (GTP) Security, including implementing ongoing monitoring and analysis of signalling traffic to detect potential security threats.”

See Also: Gaining the Benefits of Device as a Service, Without Inheriting the Risks

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU