The 4G wireless telecommunications protocol is vulnerable to the same types of remote exploitation as its 3G predecessor, new research emphasizes.
As with the flaw-ridden protocol underlying 3G, the 4G protocol is susceptible to attacks that disclose mobile users’ information or impose a denial of service, according to a report from mobile-security company Positive Technologies.
Security researchers have long warned that spies or hackers could exploit the protocol supporting 3G — known as Signaling System No. 7 (SS7) — to intercept or track call data. The move from 3G to 4G, and the latter’s Diameter protocol, was supposed to mitigate some vulnerabilities, but security experts also have made clear that Diameter is no safeguard against hacking.
While the new research indicates 4G is vulnerable to a smaller scope of attacks than 3G, it shows that attackers could shift a user’s device to 3G mode to exploit the less-secure SS7. Further, most mobile operators use 4G for internet access but 3G for text and voice services, according to the report, leaving 4G subscribers “largely tied to previous-generation networks” and their attendant vulnerabilities.
The researchers highlight configuration flaws in network equipment that they say can be easily fixed, as well as more fundamental flaws with the Diameter protocol. To stem the risk of Diameter-based attacks, the researchers advise organizations to continuously monitor and analyze signaling traffic to nip suspicious activity in the bud.
The research, which covered 15 telecom operators in Europe and Asia, is a reminder of the challenges inherent in making telephony protocols more secure from one network generation to another. Security advocates in the telecoms industry are trying to use the forthcoming 5G standards to strengthen protocols against hacking and surveillance.
U.S. lawmakers have drawn attention to the SS7 flaw and its implications for national security.
In response to a query from Sen. Ron Wyden, D-Ore., the Department of Homeland Security recently said it had received reports that “nefarious actors” may be exploiting SS7 to spy on Americans. On the House side, Democratic Reps. Ted Lieu of California and Ruben Gallego of Arizona in April asked the White House what it is doing to secure President Donald Trump’s communications following news reports that he continued to use a less-secure personal phone.