A new SecurityGen study highlights a hidden threat to 5G mobile networks from GTP-based cyber-attacks. Telecom security experts call on operators to apply comprehensive cyber-security measures against GTP threats.
A new study by SecurityGen, the global provider of security solutions and services for the telecom industry, demonstrates a need for mobile operators to reassess security vulnerabilities in the key GPRS Tunnelling Protocol (GTP) and bolster GTP security within their networks as they continue to invest in and roll out 5G.
150 Telecom Security Assessments Conducted
The whitepaper, titled GTP vulnerabilities: A cause for concern in 5G and LTE networks, is based on 150 telecom security assessments of 39 live mobile networks in 24 countries across the SEA, LATAM, and MEA regions during 2022 and 2023. It highlights the most critical GTP-related threats to raise awareness among mobile operators and stakeholders of the hidden vulnerabilities within the protocol.
It found that nearly 77% of networks had no cyber-security measures in place against GTP-based attacks. Only 23% had a high level of cyber-security measures in place to keep successful GTP-based test attacks to a minimum.
Expert Shares His Insights
Dmitry Kurbatov, Co-Founder and CTO of SecurityGen, shares his outlook on the study: “Despite its widespread use, the GTP mobile network protocol is not entirely secure and opens up opportunities for attackers to intercept sensitive user data, engage in fraudulent activities, or disrupt network services,” adding, “As we explored and examined GTP’s security vulnerabilities, it became apparent that the protocol requires in-depth consideration and robust mitigation strategies to block the potential threats and even more so in the 5G set-up.”
The SecurityGen assessments found that all of the tested networks exhibited some vulnerabilities in their management of the GTP protocol:
- In 71% of networks assessed, GTP-based test attacks on subscriber information disclosure were successful. Such disclosure can be used to impact subscribers, perform other attacks, and target other interfaces, radio interfaces, and OS and network vulnerabilities.
- 62% of networks assessed were vulnerable to fraudulent activity involving the GTP protocol.
- 85% of networks were susceptible to targeted attacks on subscribers aimed at impeding or completely interrupting the functionality of data transmission services.
- 46% were vulnerable to network equipment denial-of-service attacks. Using this vulnerability, an attacker can hinder the network (Internet) connection for individual subscribers and for many users simultaneously through denial of service on network equipment.
- User traffic interception was successful in 69% of the networks tested. By exploiting this vulnerability, an attacker can direct all incoming traffic to their equipment by altering the nodes that process the user traffic.
Kurbatov explains, “Throughout our assessments, we were surprised that not a single network was protected with a GTP firewall. Even when mobile operators claimed to have a GTP firewall deployed, we could carry out test attacks successfully, as there was no functional GTP firewall in place. This suggests that either the GTP firewall was not actively operational, or its filtering rules were not correctly configured or enabled.”