Vulnerabilities in the GPRS Tunnelling Protocol (GTP) expose 4G and 5G cellular networks to a variety of attacks, including denial-of-service, user impersonation, and fraud, Positive Technologies security researchers warn.
The identified issues impact both mobile operators and their clients, and could result in attackers leaving entire cities without communications, impersonating users to gain access to various resources, or using network services at the expense of the operator or subscribers.
Some of the attacks may be performed with the simple use of a mobile phone and all of the tested networks were found vulnerable to DoS, impersonation, and fraud, the researchers say. 5G networks, they underline, are directly impacted by faults in GTP, which is used to transmit user and control traffic.
Positive Technologies performed security assessments on behalf of 28 telecom operators in Europe, Asia, Africa, and South America,
discovering that all networks are susceptible to exploitation. [....]
