An analytical report has revealed serious vulnerabilities in current and upcoming mobile networks that make them unsuitable for smart city deployments and put users at risk of surveillance.
Security researchers at Positive Technologies identified flaws in the 4G network core, known as the EPC (Evolved Packet Core), which can be exploited via weaknesses in the GTP protocol.
GTP (GPRS Tunneling Protocol) is a suite of IP-based communication protocols used to carry General Packet Radio Service (GPRS) across 2G (GSM), 3G (UMTS/CDMA/WCDMA), 4G (LTE) and 5G networks.
5G is frequently promoted as a foundational technology for smart cities, but these vulnerabilities mean current deployments are not yet fit for purpose. Existing smart city systems that rely on 4G connectivity — including intelligent traffic lights, street lighting controls, electronic road signs, bus stop information displays and more — are exposed to potential attacks.
Attackers do not need specialized hardware or advanced expertise. A laptop, freely available penetration-testing tools and basic programming skills are sufficient to exploit some of these weaknesses.
Industrial Internet of Things (IIoT) devices, autonomous vehicles and other IoT endpoints can be compromised or subjected to denial-of-service. With over 1.5 billion IoT devices expected to be connected to mobile networks by 2022, the risk is growing.
“Many cities optimize road traffic by deploying smart traffic lights that are often networked using 4G technologies. If such a network is hacked and a denial-of-service attack disrupts even a few traffic lights, it could cause accidents and bring traffic to a standstill,” says Pavel Novikov, Head of the Telecom Security Research Group at Positive Technologies. “That is why mobile operators involved in city automation must prioritize measures to prevent network threats.”
Ordinary mobile users are at risk as well. Attacks can enable surveillance, allowing eavesdropping on VoLTE calls and interception of web traffic and SMS messages.
Threats against mobile users can originate from insiders within telecom operators or from external attackers who gain access to operator infrastructure. Entry can be achieved through methods like password brute-forcing or by exploiting vulnerabilities at the network perimeter. In some cases, researchers note, access can be obtained from a subscriber’s own phone.
This report analyzes vulnerabilities in the GTP protocol across current and future mobile networks that could endanger smart cities and users; additional weaknesses are likely to be discovered. Positive Technologies recently published another report examining vulnerabilities in Diameter, another critical protocol used in 4G and 5G networks.
“With the deployment of 5G, our environment is set to change dramatically. Smart hospitals, vehicles, stadiums, ports, streets and entire cities are among the expected transformations,” says Michael Downs, Director of Telecoms Security, EMEA, at Positive Technologies. “That raises the security stakes significantly. Vulnerabilities in Diameter and GTP are already a major concern for mobile operators today, partly due to increased LTE roaming. As 5G is rolled out more widely, routine security audits will become essential.”
Are you concerned about mobile network vulnerabilities? Share your thoughts in the comments.