Researchers have identified various vulnerabilities in the GPRS Tunnelling Protocol (GTP), which is mostly managed by mobile network operators (MNOs). The firm stated that GTP allows a hacker to attack all 4G and 5G networks through the internet.
The report says that this is one of the severe vulnerabilities in the mobile network area. As noted above, it mostly affects LTE and 5G network users.
For readers who are not familiar with it, the GPRS Tunnelling Protocol is a group of IP-based communications protocols used to carry general packet radio service (GPRS) within GSM, UMTS, and LTE networks.
With this kind of mobile vulnerability, the main motive of the hackers is to use the defects to block user data, impersonate victims, carry out denial of service (DoS) attacks, or commit fraud.
Materials and methods
According to the Positive Technologies report, researchers assess the security of SS7, Diameter, and GTP networks; more importantly, the analysts imitate the actions of would-be external attackers.
Moreover, threat actors can send requests to the operator's network and so realize a wide range of threats if the operator does not take suitable protective measures. The malicious actions are carried out with the help of PT Telecom Vulnerability Scanner (PT TVS).
In addition to this method, the experts use PT Telecom Attack Discovery (PT TAD) to monitor security and detect bona fide attacks, which mostly target vulnerabilities that already exist in the network.
The findings comprise the results of security assessments conducted during the 2018–2019 timeframe for 28 telecom operators in Europe, Asia, Africa, and South America.
It was reported that every tested GTP network bears the risk of fraud against both operators and subscribers, as well as the risk of denial of service (DoS) against network devices. The GTP protocol is flawed in that it does not verify the user's exact location.
It is sometimes difficult to identify whether incoming traffic is legitimate, as a set of signaling messages can easily be sent from the subscriber's current location to the subscriber's home network.
Moreover, the security researchers at Positive Technologies have clarified that subscriber movement can be checked using signaling protocols such as SS7 or Diameter.
Here are the common GTP threats that an attacker could realize by exploiting the security flaws:
- Network elements DoS
- Subscriber information disclosure
What can operators do?
Since this vulnerability is one of the most dangerous for mobile networks, security researchers should always keep an eye on the subscriber whenever there is a signaling message.
The operator should only allow connections from other operators with which it has a legitimate roaming agreement. This approach always works effectively, and it also blocks third-party attackers from getting access to the GRX network.
Most of the time, however, it fails to prevent attacks that come from the threat actors. To improve the situation, operators need to look closely at the GTP protocol, ensure filtering at the GTP level, and deploy purpose-made security solutions.
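As an added illustration of filtering at the GTP level (not code from the Positive Technologies report or from any vendor product), the Python example below checks a GTPv2-C Create Session Request against a roaming-partner table: the source address must be an agreed peer, and the IMSI's MCC+MNC must belong to that peer. The partner table, addresses, PLMN codes, function names and sample message are constructed for this example; the message layout assumed is that of 3GPP TS 29.274.

```python
import ipaddress
import struct

# Constructed roaming table (hypothetical partners, documentation addresses):
# GTP peer networks agreed with each partner and its IMSI prefixes (MCC+MNC).
ROAMING_PARTNERS = {
    "partner-a": {"peers": ["198.51.100.0/28"], "plmns": ("00101",)},
    "partner-b": {"peers": ["203.0.113.16/29"], "plmns": ("99970",)},
}
CREATE_SESSION_REQUEST = 32  # GTPv2-C message type
IE_IMSI = 1                  # GTPv2-C information element type

# Constructed sample: Create Session Request carrying IMSI 001010123456789.
SAMPLE = bytes.fromhex("482000140000000000000100" "0100080000010121436587f9")

def tbcd(raw):
    """Decode TBCD digits: low nibble first, 0xF nibbles are filler."""
    return "".join(str(n) for b in raw for n in (b & 0x0F, b >> 4) if n <= 9)

def imsi_from_gtpv2(msg):
    """Return the IMSI of a Create Session Request, or None if absent/malformed."""
    if len(msg) < 8 or msg[0] >> 5 != 2 or msg[1] != CREATE_SESSION_REQUEST:
        return None
    pos = 12 if msg[0] & 0x08 else 8          # T flag set: header carries a TEID
    end = min(len(msg), 4 + struct.unpack("!H", msg[2:4])[0])
    while pos + 4 <= end:
        ie_type = msg[pos]
        ie_len = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
        if pos + 4 + ie_len > end:
            return None                       # IE runs past the message: malformed
        if ie_type == IE_IMSI:
            return tbcd(msg[pos + 4:pos + 4 + ie_len])
        pos += 4 + ie_len
    return None

def check(src_ip, msg):
    """Decide what to do with one GTP-C message from the roaming interface."""
    addr = ipaddress.ip_address(src_ip)
    for partner in ROAMING_PARTNERS.values():
        if any(addr in ipaddress.ip_network(n) for n in partner["peers"]):
            imsi = imsi_from_gtpv2(msg)
            if imsi is None:
                return "skip: no IMSI"        # other message types need their own rules
            if imsi.startswith(partner["plmns"]):
                return "allow"
            return "drop: IMSI outside peer PLMN"
    return "drop: unknown peer"
```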
One of the critical steps for an operator is to fully implement the GSMA security measures, which involve ongoing monitoring and review of signaling traffic to identify potential security threats.
To add extra protection to the core network, operators should always carry out a proper security assessment, which is a process for assessing the effectiveness of the security tools in place.