Flaws in Diameter signalling protocol make all 4G networks prone to denial-of-service attacks
The protocol is used to authenticate message and information distribution in 4G networks
A security assessment of the Diameter signalling protocol performed by researchers at Positive Technologies shows that all existing 4G networks are susceptible to denial-of-service (DoS) attacks.
According to the researchers, this protocol is marred by several architectural flaws, which could allow hackers to launch targeted DoS attacks against 4G subscribers, track their location, and obtain their confidential information.
The Diameter signalling protocol is a vital component in 4G networks. It is used to authenticate message and information distribution in 4G networks and to facilitate communication between Internet Protocol network elements.
In the current study, researchers attempted to infiltrate 28 telecommunications networks across Europe, Asia, South America, and Africa between 2018 and 2019 and reported success in each of their attempts.
They explored different types of attacks, including denial-of-service (DoS) attacks, attempts to circumvent restrictions imposed by operators to allow fraudulent usage, and SMS interception.
DoS was found to be the easiest form of attack, facilitated by architectural flaws existing in the Diameter protocol.
"Every tested network was vulnerable to denial of service," the researchers revealed.
Test attacks resulted in dropped or slower Internet connections and prevented the subscriber from using the Internet. In some cases, the subscriber device was even downgraded to 3G mode.
Other flaws in the protocol allowed testers to track the location of the subscriber (in 89 per cent of the cases).
They also successfully obtained sensitive subscriber information and were able to bypass restrictions on mobile services.
"In most cases, the testers successfully accessed subscriber profiles."
That happened because telecommunication networks neglect "to consider the actual location of a subscriber when receiving signalling traffic from an external network".
The researchers caution that these security flaws will continue to exist in upcoming 5G networks, which are built on top of the existing 4G architecture and use the same LTE network core.
Because of the vulnerabilities, 5G subscribers could see their service downgraded to insecure 3G networks.
"5G networks currently have the non-standalone architecture, which is based on 4G."
"Attempts to implement security as an afterthought at later stages may cost much more: operators will likely need to purchase additional equipment, at best. At worst, operators may be stuck with long-term security vulnerabilities that cannot be fixed later."