BLACK HAT ASIA: Researchers have demonstrated how attackers can take advantage of a decades-old protocol to exploit 5G networks.
The next-generation wireless technology is expected to account for 21%[1] of all wireless infrastructure investments over 2020. Pilots and official rollouts are underway worldwide -- despite the disruption caused by COVID-19 -- and many vendors now offer 5G-supporting devices in preparation for transitions from 4G to 5G.
See also: 5G: BT picks Nokia to power networks as UK starts to phase out Huawei[2]
While investment is pouring into 5G from all areas, security appears to be an afterthought, as fragmented and bolted-on telecoms technologies, protocols, and standards leave gaping holes for cyberattackers to exploit.
During a presentation at Black Hat Asia[3] on Friday called "Back to the Future. Cross-Protocol Attacks in the Era of 5G," Positive Technologies security expert Sergey Puzankov highlighted how outstanding issues in the SS7 protocol still plague the telecommunications industry.
CNET: Not even the coronavirus can derail 5G's global momentum[4]
The Signaling System 7 (SS7) industry standard and set of protocols were developed in 1975 and hasn't moved on much from this decade -- and this includes its security posture. In 2014, the cybersecurity firm revealed exploitable security flaws[5] in the protocol which could be used to conduct attacks ranging from intercepting phone calls to bypassing two-factor authentication (2FA).
Diameter and GTP are also commonly used in the telecoms industry for 3GPP, GSM, UMTS, and LTE networks. Mobile networks will often connect these protocols to provide a seamless experience for consumers when they shift between 3G, 4G, and 5G.
"This mishmash of technologies, protocols, and standards in telecom has implications for security," Puzankov says. "Intruders are