Diameter vulnerabilities exposure report 2018
4G networks are gaining popularity everywhere, providing subscribers with high-quality service and protecting transmitted data. What is meant by data protection in telecommunications networks? What threats are concealed in everyday mobile communications, and what is the difference between 4G networks and previous network generations in terms of information security? To transfer service data (during a voice call, for instance), 2G/3G networks used SS7, which was developed back in the days when security was not top of mind. As a result, the SS7 system is exposed to a number of vulnerabilities that we have repeatedly discussed; for example, it would be quite easy for an attacker to intercept subscriber SMS or eavesdrop on conversations. SS7 was replaced in 4G networks by the Diameter protocol, which is used to perform most service tasks.
Nevertheless, the Diameter protocol is by no means fully secure. Fraud, SMS interception, denial of service, and other threats are still pressing. Moreover, 4G subscribers are still largely tied to previous-generation networks, since most mobile operators currently use 4G only for Internet access, while for SMS or voice services 3G is deployed. This study considers some practical examples of attacks that could be carried out in Diameter networks, and explores how much safer these networks are compared to SS7.