Positive Technologies launches 4G and 5G security assessment service

Mobile operators can gauge effectiveness of security measures and identify critical vulnerabilities in signaling networks before attackers do.

Positive Technologies, which has performed audits of SS7 signaling networks since 2014, has launched PT Telecom Security Assessment to secure next-generation 4G and 5G networks. This new service will help telecom companies to stay safe from DoS attacks and billing fraud, ensure regulatory compliance, and protect users' personal data. What's more, regular PT Telecom Security Assessment audits are key for building a secure Internet of Things ecosystem—critical for maintaining the trust placed in mobile operators in an age of always-connected smart cars, smart city infrastructure, energy, and telemedicine.

As of early 2017, 4G services were offered by over 580 mobile operators in 188 countries, with an LTE subscriber base of 1.7 billion. Although 4G networks are technologically more advanced than previous generations, overall security has remained the same. Research by Positive Technologies has shown that 4G and 5G infrastructures are subject to the same attacks as older, SS7-based networks. Critical vulnerabilities in signaling protocols (Diameter, GTP) and network configuration errors offer a way in for attackers seeking to steal subscribers' private data, spy on subscriber location, commit fraud, or perform denial of service.

5G networks, still in their infancy, contain all the vulnerabilities of 4G networks—and worryingly, add some new ones of their own. Besides being faster than 4G (by 10 to 1000 times), reducing energy consumption, and minimizing signal delays, these networks will introduce an important architectural change: Network Function Virtualization. This technology will enable the replacement of hardware equipment with software equivalents (including open-source projects), but has the potential to make mobile networks even more vulnerable to hackers.

"With the deployment of 5G, the world around us is set to change dramatically. Smart hospitals, vehicles, stadiums, ports, streets, and entire cities are just some of what we can expect," predicts Michael Downs, Director of Telecoms Security, EMEA, at Positive Technologies. "Therefore the security stakes rise enormously. Vulnerabilities in Diameter and GTP are already a headache for every mobile operator today, thanks in part to increased LTE roaming. With mass rollout of 5G expected by 2020, regular security audits will become a critical practice."

4G and 5G security audits take from two to four weeks, on average. At the end of the audit, the operator receives a detailed report with full list of found vulnerabilities and verified attack scenarios. Also included are expert recommendations for remediating the security issues, including a list of automated protection solutions. Mobile operators may also request a free pilot test of PT Telecom Attack Discovery to monitor the security of their signaling network.