While promising a constantly connected world, just like their predecessors, 4G and 5G networks are also vulnerable to cyberattacks. Plagued with weaknesses that leave entire networks at risk of hijacking and DoS attacks, researchers have revealed how 4G and 5G networks' Evolved Packet Core (EPC) architecture can be exploited.
The vulnerabilities don't even need an attacker to have "any sophisticated tools or skills" and can be exploited with a "laptop, a free software installer for penetration tests, and basic programming skills."
Calling these fundamental security flaws in 4G network core, aka EPC, attackers can exploit them to intercept and collect phone calls and text messages, launch Denial-of-Service and man-in-the-middle attacks, and put smart cities and Industrial IoT devices at risk.
"Detected vulnerabilities pose a threat to intelligent traffic lights and street lighting; electronic road signs; information displays at bus stops; and other smart city features that are commonly connected to mobile networks of the fourth generation."
Researchers at Positive Technologies reveal that this multitude of "attacks can be carried out by employees of virtually any telecom operator and by external attackers who gain access to the operator's infrastructure."
"In some cases, attacks can even be implemented from a subscriber's mobile phone."
"4G and 5G are not ready for smart cities"
The security firm has discovered flaws in EPC's GTP protocol (General packet radio service Tunneling Protocol), revealing shortcomings in the protocol. "Before 4G LTE, voice-call interception required that attackers have special equipment and in-depth knowledge of all the specific protocols used for voice calls," Dmitry Kurbatov of Positive Technologies said.
"But since 4G networks are built on the principle of an all-IP network, the attacker can use all currently available hacking tools, which are largely automated and do not require a deep understanding of the nature of the attack." The security report published by the firm reveals that the vulnerabilities result in several potential threats, including:
- Threats to Industrial Internet of Things connected to mobile networks
- Interception of user data, like calls, text messages, unencrypted emails, internet traffic
- Disruption of services, like DoS and MitM attacks
- Collection of data
This is only one of the several reports that have focused on a number of vulnerabilities discovered in 4G and 5G networks that enable attackers to spy on users and turn IoT devices into slaves for their botnets. The security firm has recommended networks to analyze security of the mobile networks and apply special instruments for monitoring and filtering of messages that cross network boundaries. For users, the risks remain same as on previous protocols and WiFi or Bluetooth connections. Security experts recommend using apps that offer encryption for communications to protect data and personally identifiable information.