Wednesday, March 3, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Old GTP protocol vulnerabilities will also impact future 5G networks

June 16, 2020
in Internet Security
Old GTP protocol vulnerabilities will also impact future 5G networks
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image via Maxwell Ingham

Vulnerabilities in the GPRS Tunnelling Protocol (GTP) will continue to impact mobile operators even as they migrate to 5G infrastructure.

In reports published last week and in December 2019, cyber-security firms Positive Technologies and A10 Networks detailed a series of vulnerabilities in this legacy mobile protocol. These include:

You might also like

New app rollout helps reduce paperwork for NSW frontline child protection caseworkers

Linux Mint may start pushing high-priority patches to users

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

  • Disclosure of subscriber information (including location data, used for user tracking)
  • Spoofing, which can be used for fraud and impersonation attacks
  • Denial-of-Service (DoS) attacks on network equipment, resulting in mass disruption of mobile communication

Researchers say that because mobile providers will have to support the protocol on their 5G networks for legacy reasons, users will remain vulnerable to attacks even if the 5G protocol itself contains security features to prevent similar attacks.

What is GTP?

GTP, or the GPRS Tunnelling Protocol, is a mechanism developed to interconnect different networks by creating IP-based tunnels between devices and the mobile network.

The protocol was initially developed as a method of interconnecting different providers of GPRS (2.5G) communications, and allow users to roam across different provider networks, but still have access to features like SMS, MMS, WAP, and others.

As new protocols were developed, such as 3G and 4G (LTE), GTP retained its role inside mobile operators, acting as a liaison between old and new technologies alike.

However, GTP was developed in the early days of internet-capable mobile devices. As with all first-gen protocols, security was not baked into its original design.

While the protocol can be excused for not supporting encrypted communications in an era when such a feature was not common, GTP also didn’t support something as basic as “sender authentication.”

This means that anyone can send a GTP packet to a mobile telco’s GTP infrastructure with fake data, and the mobile operator will execute the GTP packet, thinking it’s legitimate traffic, with no way of verifying it came from one of its legitimate users.

From this basic design flaw, security researchers have, over the past years, discovered different ways to abuse GTP across 2.5G, 3G, 4G, and now, 5G.

Old GTP issues confirmed in current 5G networks

In a report published last week, Positive Technologies said it performed security audits of 28 mobile operators in Europe, Asia, Africa, and South America.

The security audits took place in 2018 and 2019, and researchers looked at both 4G and 5G network designs, at multiple protocols, and not just GTP.

Most of the networks they analyzed, were vulnerable to the old GTP attacks, regardless if the telcos were running 4G or 5G setups, Positive Technologies said.

gtp-bugs.png

Image: Positive Technologies

Currently, GTP is used in mixed 4G-5G networks, but the protocol will also be supported on 5G standalone networks, as they begin rolling out.

Positive Technologies says that 5G network operators need to secure their GTP legacy integrations by deploying additional systems that perform subscriber authentication and authorization.

“GTP security issues will not go away completely even after the transition to 5G Standalone,” Positive Technologies said.

“While 5G security is a big step forward, mobile networks will continue to be exposed to GTP threats through roaming partners or prior mobile technologies using GTP,” A10 Networks said last year. “Mobile operators will need to deploy a GTP firewall to protect against GTP-based attacks coming in from access networks, roaming partners, IoT, and more to support uninterrupted operations for their networks and subscribers.”

Credit: Zdnet

Previous Post

Intel Stock Looks Like a Cheat Bet On Future of Tech

Next Post

Critical Capabilities For Edge Computing In Industrial IoT Scenarios

Related Posts

New app rollout helps reduce paperwork for NSW frontline child protection caseworkers
Internet Security

New app rollout helps reduce paperwork for NSW frontline child protection caseworkers

March 3, 2021
Linux Mint may start pushing high-priority patches to users
Internet Security

Linux Mint may start pushing high-priority patches to users

March 3, 2021
Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root
Internet Security

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

March 3, 2021
Google addresses customer data protection, security in Workspace
Internet Security

Google addresses customer data protection, security in Workspace

March 2, 2021
Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC
Internet Security

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

March 2, 2021
Next Post
The Present And Future Of Data Science, An Interview With Anthony Scriffignano, Senior Vice President & Chief Data Scientist At Dun & Bradstreet

Critical Capabilities For Edge Computing In Industrial IoT Scenarios

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Customer Experience Management and Improvement
Marketing Technology

Customer Experience Management and Improvement

March 3, 2021
New app rollout helps reduce paperwork for NSW frontline child protection caseworkers
Internet Security

New app rollout helps reduce paperwork for NSW frontline child protection caseworkers

March 3, 2021
Cloudera: An Enterprise-Level Play On Machine Learning And Big Data – Seeking Alpha
Machine Learning

Cloudera: An Enterprise-Level Play On Machine Learning And Big Data – Seeking Alpha

March 3, 2021
The Symbolic World: Raising A Turing’s Child Machine (1/2) | by Puttatida Mahapattanakul | Feb, 2021
Neural Networks

The Symbolic World: Raising A Turing’s Child Machine (1/2) | by Puttatida Mahapattanakul | Feb, 2021

March 3, 2021
Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs
Marketing Technology

Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs

March 3, 2021
Linux Mint may start pushing high-priority patches to users
Internet Security

Linux Mint may start pushing high-priority patches to users

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Customer Experience Management and Improvement March 3, 2021
  • New app rollout helps reduce paperwork for NSW frontline child protection caseworkers March 3, 2021
  • Cloudera: An Enterprise-Level Play On Machine Learning And Big Data – Seeking Alpha March 3, 2021
  • The Symbolic World: Raising A Turing’s Child Machine (1/2) | by Puttatida Mahapattanakul | Feb, 2021 March 3, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates