Hackers can exploit vulnerabilities in HTTP/2 and packet forwarding control protocol (PFCP) used by standalone 5G networks to steal subscriber data, launch impersonation attacks and fake subscriber authentication, a recent report by Positive Technologies said.
Positive’s 5G Standalone Core Security Assessment covers vulnerabilities and threats for subscribers and mobile network operators stemming from new standalone 5G network cores. When transitioning to the next-generation mobile technology, communication providers can opt for standalone and non-standalone 5G (based on 4G LTE infrastructure). In general, service providers that want to offer 5G speeds start with non-standalone and once 5G coverage is established they implement standalone 5G.
The non-standalone 5G networks are vulnerable to hackers because of exploits in the Diameter and GTP protocols, Positive said. While operators are gradually migrating to standalone infrastructure, Positive said, it has its own “security considerations.”
Here’s the key results of Positive’s audit:
- The stack of technologies in 5G potentially leaves the door open to attacks on subscribers and the operator's network. Such attacks can be performed from the international roaming network, the operator's network, or partner networks that provide access to services.
- The PFCP used to make subscriber connections has potential flaws, including denial of service, cutting subscriber access to the internet and redirecting traffic to an attacker. Proper configuration of the architecture can stop these types of attacks.
- The HTTP/2 protocol, which is responsible for vital network functions (NFs) that register and store profiles on 5G networks, contain several vulnerabilities that could enable hackers to obtain the NF profile and impersonate any network service using details such as authentication status, current location, and subscriber settings for network access.
“There is a risk that attackers will take advantage of standalone 5G networks while they are being established and operators are getting to grips with potential vulnerabilities,” said Dmitry Kurbatov, Positive chief technology officer. “Subscriber attacks can be both financially and reputationally damaging, especially when vendors are in high competition to launch their 5G networks. With such a diverse surface of attack, robust core network security architecture is by far the safest way to protect users,” Kurbatov said.