Broad adoption of 4G mobile networks has simplified access to high-speed Internet for billions of users. However, more than smartphones, tablets, and computers are connecting to 4G en masse. The high speeds and minimum latency of LTE networks allow using them for building out the infrastructure of the Internet of Things. Analysts estimate that by 2022, the number of IoT devices connected to mobile networks will increase from 400 million to 1.5 billion.1 Thus the security of Smart City systems, self-driving connected cars, and other IoT technologies will partially depend on the security of today’s (4G) and tomorrow’s (5G and LTE-M) mobile networks. In 2016, Positive Technologies experts analyzed the security of 4G signaling networks. On all the tested networks, the experts found vulnerabilities caused by fundamental deficiencies in the Evolved Packet Core. The issues detected allow disconnecting one or more subscribers, intercepting Internet traffic and text messages, causing operator equipment malfunction, and carrying out other illegitimate actions. To exploit vulnerabilities in 4G networks, an attacker does not need hard-to-obtain tools or considerable skill.
This report details possible attack scenarios and lists the measures necessary to improve security.