According to information security researchers from Positive Technologies, some 5G networks are at risk of attacks due to “long-standing vulnerabilities” in the underlying protocols.
“The stack of technologies in 5G potentially leaves criminals with the ability to attack subscribers and the operator’s network. Such attacks can be carried out from the international roaming network, the operator’s network or partner networks that provide access to services, ”the message says.
The HTTP / 2 protocol, used to perform critical network functions, including registering and storing user profiles, contains vulnerabilities that could allow attackers to conduct denial of service attacks against mobile phone users.
“The main question for all telecommunications companies and cybersecurity professionals is what will be the security situation with 5G after the transition from 4G LTE networks is complete?” Said Dmitry Kurbatov, director of information security for telecommunications systems.
The experts drew attention in the report to the PFCP protocol, which is used to establish subscriber connections. According to them, it “contains several potential problems, including DoS vulnerabilities, restricting subscribers’ access to the Internet and redirecting traffic to an attacker.”
In addition, the EU cybersecurity agency ENISA this week released a 5G security report that outlines dangerous vulnerabilities in the technologies underlying 5G networks (both at the radio access level and at the core level).