“Long-standing vulnerabilities” in 5G’s core protocols make the network insecure

by | December 21, 2020 | Cybersecurity News

The European Union recognizes that the network’s security can be improved and wants to control it more closely.

Security research company Positive Technologies reported that pre-existing vulnerabilities open the door for attacks on smartphone users.

“The stack of technologies in 5G potentially leaves the door open to attacks on subscribers and the operator’s network. Such attacks can be performed from the international roaming network, the operator’s network, or partner networks that provide access to services,” 

Positive Technologies

It turns out that the HTTP/2 protocol, used for vital network communications, has flaws that allows attackers to run all sorts of cyber attacks on mobile phone users. The research company reported that denial-of-service, man-in-the-middle and network service impersonation are just a few of the attacks that are possible by exploiting these vulnerabilities.

Around the same time, ENISA – the EU cybersecurity agency – published an in-depth report about 5G’s security, detailing the most critical vulnerabilities that need to be fixed. ENISA concluded that it needs to play a more significant role in 5G’s security, stating that it’s essential that the EU participates in defining and implementing security standards across the 5G Networks.

“So the big question right now for all of the telecoms, for security teams [and] for security researchers is how it will look like and what will be the security situation with 5G after the transition [from 4G LTE networks] is over?”

Positive CTO Dmitry Kurbatov

Check the source.


Read More

    Attribution:

    Photo by Julian on Unsplash

    by ATTACK Simulator

    April 2021 Release
    April 2021 Release

    Our latest release comes packed with amazing features, like SMiShing simulations, Sender Identity and many more.

    There’s no reason to postpone training your employees

    Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.