A new study conducted by SecurityGen, a global provider of security solutions and services for the telecom industry, has highlighted the need for mobile operators to address security vulnerabilities in the GPRS Tunnelling Protocol (GTP) as they continue to invest in and roll out 5G networks. The study, titled “GTP vulnerabilities: A cause for concern in 5G and LTE networks,” is based on 150 telecom security assessments of 39 live mobile networks conducted between 2022 and 2023.
According to the report, a staggering 77 percent of the networks assessed had no cyber-security measures in place to protect against GTP-based attacks. Only 23 percent had high-level measures in place to minimize successful attacks. These findings indicate a significant lapse in security measures within mobile networks, leaving them vulnerable to potential attacks and disruptions.
The GTP protocol, widely used in mobile networks, has been found to have security flaws that can be exploited by attackers. These vulnerabilities allow for the interception of sensitive user data, fraudulent activities, and the disruption of network services. Dmitry Kurbatov, co-founder and CTO of SecurityGen, emphasized the need for mobile operators to prioritize the security of the GTP protocol, particularly in the context of 5G networks.
The study conducted by SecurityGen involved telecom security assessments in 24 countries across the SEA, LATAM, and MEA regions, involving 39 mobile operators. It revealed that all of the tested networks exhibited vulnerabilities in their management of the GTP protocol.
In 71 percent of the networks assessed, GTP-based test attacks on subscriber information disclosure were successful. This can have far-reaching impacts, including other attacks, targeting interfaces, radio interfaces, OS vulnerabilities, and network vulnerabilities. Additionally, 62 percent of the networks assessed were found to be vulnerable to fraudulent activities involving the GTP protocol. Furthermore, 85 percent of the networks were susceptible to targeted attacks on subscribers, which could impede or completely interrupt data transmission services. Network equipment denial-of-service attacks were found to be possible in 46 percent of the networks, enabling attackers to hinder network connections for individual subscribers and multiple users. Lastly, user traffic interception was successful in 69 percent of the networks tested, allowing attackers to direct incoming traffic to their equipment.
What is concerning is that none of the assessed networks were found to have a GTP firewall in place, despite claims by mobile operators that they had deployed one. This suggests that either the firewall was not operational or its filtering rules were not correctly configured or enabled. Kurbatov stressed the importance of using a fully functional GTP firewall as a significant step towards enhancing the security of mobile networks and protecting them against potential threats.
The study also highlighted the interconnected nature of 3G, 4G, and now 5G networks and the amplified risks posed by GTP security vulnerabilities. It revealed a lack of robust security measures across a significant proportion of the mobile networks assessed. Although efforts have been made by the GSMA and individual mobile operators since 2017, comprehensive cyber-security measures are still not widespread.
Given the increasing role of mobile technology in various aspects of our lives, effective cyber-security measures and policies should be a top priority for mobile operators. This includes implementing comprehensive GTP protection strategies, deploying functional GTP firewalls, applying GSMA-recommended protections, integrating intrusion detection systems, and monitoring all network communication interfaces regularly. The findings of this study should serve as a wake-up call for operators and the telecoms industry as a whole to take the necessary actions to secure our interconnected digital future.
To access the SecurityGen White Paper, “GTP vulnerabilities: A cause for concern in 5G and LTE networks,” please visit their website.