Diameter protocol vulnerability allows DOS attack on 5G, 4G, 3G, 2G network

The coronavirus crisis and the consequent social estrangement have led to a change in the telecommunications industry, strengthening its predominant role more markedly than ever before. Unfortunately, there is a risk that threat actors will try to exploit the crisis to take advantage of unsuspecting users.

These threats are a real concern for network telecommunication operators, whether 2G, 3G, 4G or the new 5G network. Among these, the diameter signaling protocol, which is used to authenticate and authorize the distribution of messages and information over 4G networks, is vulnerable to multiple attacks, so operators must take precautionary measures.

The existence of these legacy protocol-to-protocol vulnerabilities means that 5G networks built using networks from previous generations inherit the same threats, such as tracking user location, obtaining sensitive information, and, in some cases, downgrading users to 3G networks with fewer security measures.

A group of researchers demonstrated that by replicating the actions of hackers, it is possible to infiltrate 100% of mobile networks. Denial of Service (DoS) attacks, in particular, could be performed on all mobile networks, which affects 4G and 5G users, as the first generation of 5G networks is based on the core of the LTE network, meaning that 5G security is susceptible to the same attacks.

The possibility of DoS attacks is especially troubling when it comes to the global implementation of Internet of Things (IoT) devices; cybersecurity specialists predict that the number of IoT devices will reach 25 billion in 2021 worldwide. This is not an isolated fact, as a DoS attack on an IoT network that makes up industrial and national infrastructure could have devastating consequences. IoT devices are particularly sensitive to mobile network failures and can take a while to get back online.

Multiple malicious scenarios can be triggered by these attacks; for example, alarm systems may not be activated during an emergency, industrial sensors could be disconnected, smart city systems could collapse, among others. All of these threats have much greater potential than a temporary loss of phone coverage or a slowdown on the Internet by home users.

If a mobile operator service is adversely affected, this can have an irreversible effect on your reputation and impact customer confidence. The possibility of hackers stopping network access for any service is especially troubling during the pandemic, so company defenses need to improve considerably.