A brand new SecurityGen examine highlights a hidden risk to 5G cellular networks from GTP-based cyber-attacks. Telecom safety consultants name on operators to use complete cyber-security measures in opposition to GTP threats.
A brand new examine by SecurityGen, the worldwide supplier of safety options and companies for the telcom business, demonstrates a necessity for cellular operators to reassess safety vulnerabilities in the important thing GTP (GPRS Tunnelling Protocol) protocol and bolster GTP safety inside their networks as they proceed to put money into and roll out 5G.
150 Telecom Safety Assessments Performed
The whitepaper, titled GTP vulnerabilities: A trigger for concern in 5G and LTE networks, is predicated on 150 telecom safety assessments of 39 dwell cellular networks in 24 international locations throughout the SEA, LATAM, and MEA areas throughout 2022 and 2023. It highlights essentially the most vital GTP-related threats to boost consciousness amongst cellular operators and stakeholders of the hidden vulnerabilities throughout the protocol.
It discovered that just about 77% of networks had no cyber-security measures in place in opposition to GTP-based assaults. Solely 23% had a excessive stage of cyber-security measures in place to maintain profitable GTP-based take a look at assaults to a minimal.
Professional Shares His Insights
Dmitry Kurbatov, Co-Founder and CTO of SecurityGen, shares his outlook on the examine, “Regardless of its widespread use, the GTP cellular community protocol is just not fully safe and opens up alternatives for attackers to intercept delicate consumer knowledge, interact in fraudulent actions, or disrupt community companies,” including, “As we explored and examined GTP’s safety vulnerabilities, it turned obvious that the protocol requires in-depth consideration and sturdy mitigation methods to dam the potential threats and much more so within the 5G set-up.”
The SecurityGen assessments discovered that the entire examined networks exhibited some vulnerabilities of their administration of the GTP protocol:
- In 71% of networks assessed, GTP-based take a look at assaults on subscriber data disclosure had been profitable. Which can be utilized to affect subscribers, carry out different assaults, goal different interfaces, radio interfaces and OS and community vulnerabilities.
- 62% networks assessed had been weak to fraudulent exercise involving the GTP protocol.
- 85% of networks had been vulnerable to focused assaults on subscribers aimed toward impeding or utterly interrupting the performance of knowledge transmission companies.
- 46% had been weak to community tools denial-of-service assaults. Utilizing this vulnerability, an attacker can concurrently hinder community (Web) connection for particular person subscribers and lots of customers by way of community tools denial.
- Person site visitors interception was profitable in 69% of the networks examined. By exploiting this vulnerability, an attacker can direct all incoming site visitors to their tools by altering the nodes that course of the consumer site visitors.
Kurbatov explains, “All through our assessments, had been had been shocked that not a single community was protected with a GTP firewall. Even when cellular operators claimed to have a GTP firewall deployed, we may carry take a look at assaults efficiently, as there was no practical GTP firewall in place. This implies that both the GTP firewall was not actively operational, or its filtering guidelines weren’t appropriately configured or enabled.”
