In the 4G network for authentication and authorization messages and vulnerability make it "Diameter" signaling protocol information distribution vulnerable.
Positive Technologies researchers replicated the threats to the participants, they try to penetrate the mobile network achieved a 100% success. They also found that the biggest threat is a denial of service attack.
This means that builds on the previous generation of network 5G network will also inherit the same threats - such as tracking user location, access to sensitive information, and in some cases, the user will be downgraded to unsafe 3G network.
This is because the first generation of 5G network (5G non-independent) core network based on LTE, which means 5G vulnerable to the same vulnerabilities.
. "Many of the major mobile operators have launched its 5G network, so the industry need to ensure the safety and centrality in the network design to avoid any repetition of past mistakes" Dmitry Kurbatov Positive Technologies chief technology officer, said: "If you let it development, the 5G network will be unable to avoid being affected by the same vulnerabilities on the network generation. security as a means to further develop afterwards means, inevitably there will be problems, and operators will be forced to transform security, to the existing network pressure. budget trying to temporarily correct the error, usually lead to new solutions not well integrated into the existing network architecture. "
Other vulnerabilities diameter of protocol means that external actors can track the subscriber location and access to subscriber-sensitive information that can be used to intercept voice calls, thus bypassing the restrictions on mobile services. Today, mobile operators do not have the resources and equipment operators to carry out in-depth analysis of traffic, which makes them difficult to distinguish between fake and legitimate users.
Kurbatov added: "At present, operators ignored the cross-reference information to verify the user's position to be able to filter false messages between legitimate messages and mobile operators can not afford to stop operating pressure, so they need to be able to stop illegal messages. the solution does not affect network performance or user access to the network using the threat detection system requires proper filtering of the incoming message, the system can analyze real-time traffic signal and detects an external host of illegal activities and mark in accordance with GSMA guidelines configuration errors . "
The full report is available at Positive Technologies website found on.