Researchers from security firm Positive Technologies warns of 4G/5G Wireless Networks as vulnerable as WiFi and putting smart-cities at risk
TheÂ Internet of ThingsÂ (IoT) presents many new opportunities and some different challenges. The vast number of devices makes it very expensive to connect everything with traditional network cabling and in many cases the equipment only supports wireless connectivity.
ManyÂ IoT devicesÂ for consumers leverage WiFi networks and we are already seeing the security challenges with these technologies. The largestÂ Denial of Service (DoS)Â attacks leverage consumer IoT equipment (Mirai Botnet) and there are many stories of bad actorsÂ spying on people through their unsecured webcams.
While WiFi is widely adopted in homes, it doesnâ€™t scale well to large commercial installations like IndustrialÂ IoTÂ in manufacturing, energy or SmartCities.
As communications carriers deploy expansive 4G/5G Wireless Networks these are becoming the infrastructure of choice for commercial IoT. Unfortunately, although managed by professionals, they still have many vulnerabilities that can increase risks unexpectedly. We already knew that theÂ SMS messaging system was flawedÂ and can not be relied upon for secure messaging.
Now security vendor, Positive Technologies, isÂ warning that a fundamental protocol of 4G/5G Wireless Networks creates three potential risks.
â€śDetected vulnerabilities pose a threat to intelligent traffic lights and street lighting; electronic road signs; information displays at bus stops; and other smart city features that are commonly connected to mobile networks of the fourth generation. Positive Technologies revealed these flaws in mobile networks, which are also relevant to future 5G networks, as part ofÂ securityÂ assessment conducted in 2016 and 2017.â€ť reads theÂ reportpublished byÂ Positive Technologies.
â€śVulnerability exploitation techniques specified in the report are based on flawsÂ ofÂ the GTP protocol. They do not require an attacker to possess any sophisticated tools or skills,Â insteadÂ they simply need a laptop, a free software installer for penetration tests, and basic programming skills.â€ť
You have probably heard aboutÂ Voice Over IPÂ (VoIP) which is a technology method to convert voice into discrete data packets. Once converted it becomes possible to send voice conversations through the same network as computer-to-computer data transmissions (e.g. email, streaming videos, etc.)
These networks rely on something called the Extended Packet Core (EPC) which in turn leverages General Tunneling Protocol (GTPv2) to allow voice and data communications channels to be combined. It is within the GTPv2 proposal that the most recent flaws were discovered.
On its own, there is no encryption included in the protocol so inherent security and authentication must be handled elsewhere in the applications.
â€śThe mobile network infrastructure is based on a set of telephony signaling protocols, developed inÂ 1975,Â when security wasnâ€™t a consideration but was less of a risk as only a few people had access. Today thatâ€™s no longer true. Access hasÂ spiralledÂ yet security is still non-existent,â€ťÂ explains Michael Downs, Director of Telecoms Security (EMEA) of Positive Technologies.
Positive Technologies predicts three different, potential exploits:
- Information Leakage: with access to the network it is possible for bad actors to discover information about other nodes connected to the network (e.g. location, firmware versions, etc.)
- Denial of Service: GTP is used to create an isolated communications channel, but it isnâ€™t completely isolated. Several usersâ€™ communications are combined in a single channel and it is possible for one of these users to disconnect the tunnel for all users.
- Compete Takeover: many IoT devices are running simple IP stacks and vulnerable system stacks. Existing and yet to be discovered vulnerabilities may exist in these devices and the lack of encrypted isolation means they are remotely accessible and perhaps remotely exploitable.
Similar to other wireless protocols like WiFi and Bluetooth, EPC is not inherently secure. If you need to rely on these topologies for secure communications, you need to take advantage of additional security controls. As always, you must be accountable for your own security.