4G networks, which are based on the Diameter signaling protocol, have a number of vulnerabilities that lawbreakers use to disclose the location of mobile operators’ subscribers, intercept SMS messages, cause denial of service and carry out other illegal actions. These findings are set out in the report “Scenarios of Attacks on Signaling Infrastructure of the Fourth-Generation Mobile Networks”, drafted by experts at Positive Technologies.
The Diameter protocol standard provides from the outset for data protection at both the network and transport levels. In practice, however, applying these mechanisms far from always protects against the actions of dishonest employees, unauthorized access by national and foreign intelligence agencies, or legally operating companies and groups that use their knowledge and resources to exploit vulnerabilities of signaling networks for covert surveillance and cyber espionage.
Positive Technologies’ experts identify the following attack scenarios in a Diameter-based network, among others:
1. Disclosing subscribers’ location. This is one of the most common attacks in a Diameter-based network, and it allows the current location of any subscriber to be determined. The information obtained can be used both to find a person and to follow them covertly.
2. Interception of SMS messages. This attack is very dangerous for subscribers who rely on two-factor authentication based on confirming transactions via SMS, including when working with Internet banking. Using this vulnerability, an attacker can steal users’ money from bank accounts, while the bank treats the transaction as a legitimate action by the client confirmed with two-factor authentication. In this case it is virtually impossible for the victim to dispute the transaction.
3. DoS attack on subscribers. A number of fundamental features of Diameter protocol implementation allow a simple but quite effective denial-of-service (DoS) attack on one or many subscribers. Despite their simplicity and the relatively small damage they cause, these DoS attacks undermine subscribers’ confidence in operators, leading to financial losses in the long run.
4. DoS attack on operators’ equipment. These attacks can disrupt operators’ activities and interrupt telecom services not for one but for many subscribers of the attacked operators.
5. Fraud. Diameter-based networks can suffer from attacks that allow attackers to obtain free telecom services, such as calls, SMS and data transmission, at the expense of operators or other subscribers, which leads to direct financial losses for operators.
As a reminder, we previously reported on the vulnerabilities in 4G VoLTE technology identified by experts at P1 Security.