Every 5G network is at risk of DoS attacks due to Diameter protocol vulnerability

The Covid-19 crisis – and the mandated self-isolation and quarantine measures that have come into effect across the globe – has made the telecoms industry more vital than ever before. Unfortunately, there is a risk that malicious actors will try to exploit the crisis to undermine networks.

These threats are a real concern for telecoms operators of 2G, 3G, 4G and 5G networks. Among these, the Diameter Signalling protocol, which is used to authenticate and authorise messages and information distribution in 4G networks, is vulnerable in a number of ways that operators must understand in order to protect themselves effectively from attack. These legacy vulnerabilities in the protocol mean that 5G networks built on previous-generation networks inherit the same threats, such as tracking user location, obtaining sensitive information and, in some cases, downgrading users to insecure 3G networks.

We have proved, by replicating the actions of hackers, that we were able to infiltrate 100% of mobile networks. Denial of Service (DoS) attacks, in particular, could be conducted on all mobile networks through Diameter. This affects both 4G and 5G users, because the first generation of 5G networks (5G Non-Standalone) is based on the LTE network core, which means that 5G security is susceptible to the same flaws.

IoT most at risk

The threat of Denial of Service (DoS) attacks is especially pertinent when it comes to the worldwide rollout of IoT (Internet of Things) devices, which Gartner predicts will reach 25 billion by 2021. This is significant because a DoS attack on an IoT network that makes up industrial and national infrastructure could have devastating consequences. IoT devices are particularly sensitive to failures in mobile networks and can take some time to become operational again. For example, alarm systems could fail to activate during an emergency, industrial sensors could go offline and smart city systems could lose the ability to communicate. All of these have the potential for much greater consequences than a temporary loss of phone coverage or an internet slowdown for home users.

If a mobile operator's service is adversely affected, this may have an irreversible effect on its reputation and permanently impact subscriber confidence and subscription numbers. The possibility of hackers stopping network access for any services is especially worrying during the COVID-19 crisis. Not only could it grind day-to-day work to a halt for those relying on the mobile network for their jobs, but it could also be detrimental to access to crucial infrastructure services.

Unfortunately, our research shows that, in spite of 5G now relying on the same architecture, the last two years have brought almost no improvement in the security of Diameter networks. Today, mobile operators do not have the resources or equipment to perform deep-dive security analysis on traffic, which makes it difficult for them to distinguish between fake and legitimate signalling messages.

Beyond DoS attacks

Beyond DoS attacks, there is a high frequency of attacks relating to subscriber information disclosure, subscriber location disclosure and network information disclosure. These risks show no sign of abating: our three-year analysis found successful denial of service attacks rose 3 percent, from 38 percent in 2018 to 41 percent in 2019. These vulnerabilities are due predominantly to failures in the construction of Diameter architecture. Forty-three percent of the time, this is due to failing to check a subscriber’s network, with failure to check the subscriber’s actual location making up the other 57 percent. This is a very real threat, as tracking subscriber location and obtaining sensitive subscriber information could be used to intercept voice calls, change billing parameters and impose restrictions on mobile services.

This may sound like doom and gloom but there are ways in which operators can protect themselves from these kinds of attacks. First and foremost, security must be a priority during network design. Any attempt to implement security measures as an afterthought in later stages of deployment may cost significantly more: operators will likely need to purchase additional equipment, at a minimum. 

They will be lucky if they can achieve this and some operators may be stuck with long-term security vulnerabilities that cannot be fixed simply. Another essential security measure is to make sure signalling traffic is constantly monitored and analysed as it crosses the network border. This allows those controlling the network to identify potential threats and configuration errors at speed and mitigate them as soon as possible. This level of monitoring is encouraged by GSMA guidelines. 
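The two checks named above (the subscriber's network and the subscriber's actual location), applied to signalling as it crosses the network border, as an added example that is not part of the original article or any vendor's tooling. It assumes already-decoded S6a requests; the realms, IMSIs, the travel threshold, the 2-digit MNC and the grouping of commands by sender are illustrative assumptions.

```python
# Added example: border checks on decoded inbound Diameter S6a requests.
# Realms, IMSIs, timestamps and the travel threshold are constructed values.
FROM_HSS = {317, 319, 320}        # CLR, IDR, DSR: sent by the subscriber's HSS
FROM_MME = {316, 318, 321, 323}   # ULR, AIR, PUR, NOR: sent by the serving MME
MIN_TRAVEL_S = 3600               # assumed minimum time to change networks

def home_realm(imsi, mnc_len=2):
    """EPC realm of the IMSI's home PLMN (assumes a 2-digit MNC by default)."""
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_len]
    return f"epc.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"

def check(msg, last_seen):
    """Return (verdict, reason) for one request arriving from the interconnect."""
    cmd, realm, imsi, ts = msg["cmd"], msg["origin_realm"], msg["imsi"], msg["ts"]
    if cmd in FROM_HSS:
        # Subscriber's network: only the IMSI's home network may send these.
        if realm != home_realm(imsi):
            return "block", "origin realm is not the subscriber's home network"
        return "pass", "request from home network"
    if cmd in FROM_MME:
        # Subscriber's location: could the subscriber be in the sending network?
        prev = last_seen.get(imsi)
        if prev and prev[0] != realm and ts - prev[1] < MIN_TRAVEL_S:
            return "block", f"subscriber seen in {prev[0]} {ts - prev[1]}s earlier"
        if cmd == 316:
            last_seen[imsi] = (realm, ts)   # an accepted ULR moves the subscriber
        return "pass", "location plausible"
    return "block", "command not expected on the interconnect"

HOME = "epc.mnc001.mcc001.3gppnetwork.org"
PEER = "epc.mnc002.mcc999.3gppnetwork.org"
SAMPLE = [  # constructed messages, in arrival order
    {"cmd": 319, "origin_realm": PEER, "imsi": "001010000000001", "ts": 1000},
    {"cmd": 319, "origin_realm": PEER, "imsi": "999020000000007", "ts": 1010},
    {"cmd": 316, "origin_realm": PEER, "imsi": "001010000000001", "ts": 1120},
    {"cmd": 316, "origin_realm": PEER, "imsi": "001010000000002", "ts": 9000},
]

def run(sample=SAMPLE):
    """Apply the checks in order; subscribers start attached in the home network."""
    last_seen = {"001010000000001": (HOME, 1000), "001010000000002": (HOME, 1000)}
    return [check(m, last_seen)[0] for m in sample]

if __name__ == "__main__":
    for m, verdict in zip(SAMPLE, run()):
        print(m["cmd"], m["origin_realm"], m["imsi"], verdict)
```

A production filter would also have to verify that the Origin-Realm matches the peer the message actually arrived from, which this sketch takes as given.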

Mobile operators cannot afford to grind operations to a halt, so they need solutions that can block illegitimate messages without impacting network performance or user access to the network. If this can be achieved on a pre-existing network then so much the better, but the most secure and ideal scenario is factoring security into the network’s original design. This would mean that the threats posed by the Diameter protocol can be protected against and the network can operate seamlessly.

Operators are delaying stand-alone 5G deployment for now, so the networks will be based on the previous generation, which includes the Diameter protocol. This means these issues will be with us for some time yet, and network operators need to remain vigilant about the potentially catastrophic security threats they present.

Jimmy Jones

Jimmy Jones’ experience in telecoms spans over twenty years. Throughout his career he has strengthened his industry knowledge, working in multiple engineering roles within major operators such as WorldCom (now Verizon), and vendors including Nortel and Genband. Jimmy joined Positive Technologies in 2017 to help telecom clients transform their networks by leveraging his extensive industry experience.