Attackers can exploit vulnerabilities in new 5G networks to steal subscriber data and impersonate users
Positive Technologies has published its “5G standalone core security assessment”. The report discusses vulnerabilities and threats for subscribers and mobile network operators, which stem from the use of new standalone 5G network cores. The vulnerabilities in protocols HTTP/2 and PFCP, used by standalone 5G networks, include the theft of subscriber profile data, impersonation attacks and faking subscriber authentication.
Mobile operators are currently running non-standalone 5G networks, which are based on previous-generation 4G LTE infrastructure. These non-standalone 5G networks are at risk of attack because of long-standing vulnerabilities in the Diameter and GTP protocols, which were reported on by Positive Technologies earlier this year. Operators are gradually migrating to standalone infrastructure, but this also has security considerations of its own. Gartner expects 5G investment to exceed LTE/4G in 2022 and that communications service providers will gradually add standalone capabilities to theirnon-standalone 5G networks.