Wednesday, January 27

4G and 5G networks are vulnerable due to their mix with old technologies

The deployment of 5G networks continues its course and in the market there are more and more mobile phones compatible with this technology. However, cybersecurity researchers believe that the next step is to strengthen the protection of wireless connections. Despite the global pandemic, plans to deploy the fifth generation of wireless connections have run their course and operators are beginning to include 5G in their services for both companies and users. As in every technological innovation, part of the development process involves reinforcing security against possible attacks and detecting every vulnerable corner that could serve as access for cybercriminals. 5G also has vulnerabilities and they are not as new as this, but were developed decades ago. During a Black Hat Asia presentation on Friday, Sergey Puzankov, a security expert at Positive Technologies, highlighted the SS7 protocol as one of the problems still plaguing the telecommunications industry. This protocol was developed in 1975 and has not evolved much since then. Now you can stop worrying: the 5G connection is safe for your health. And not just anyone says it, but the highest scientific authority that in the last 20 years has been measuring and regulating radiation from mobile phones. The mix of technologies from different eras on which 5G is being deployed makes it easier to find gaps like this in old technologies. The Signaling System 7 (SS7) was already revealed in 2014 as a protocol with serious security flaws, which could make it easier for cybercriminals to intercept phone calls and sms to bypass two-factor authentication (2FA). This type of attack affects 5G as well as 2G, 3G and 4G networks. In addition to intercepting calls and sms, cybercriminals can carry out what is known as subscription fraud. It consists of sending “random” requests to subscribers through the SS7 / GTP protocols. In this way, they can apply to each victim a subscription with the personal data that has been stolen. “It is still possible for attacks to take place on well-protected networks,” Puzankov said in the presentation. Operators are already aware of this vulnerability and are working to avoid it and protect networks. “In most cases, operators can better protect their networks at no additional cost. They only need to verify whether their security tools are effective in analyzing new vulnerabilities,” explained Puzankov.

Leave a Reply

Your email address will not be published. Required fields are marked *