5G Protocol Vulnerabilities Allow Location Tracking and DoS Attacks

Experts from AdaptiveMobile have published a report on new vulnerabilities in the 5G protocol that can be exploited to disable network segments (DoS attacks) and steal user data, including location information.

Network Slicing Mechanism at Risk

The identified issues are related to the 5G network slicing mechanism, which allows operators to divide their infrastructure into smaller blocks tailored for specific use cases (such as automotive, healthcare, critical infrastructure, entertainment, and more).

Hybrid Networks Are Especially Vulnerable

The discovered vulnerabilities can be exploited in hybrid mobile networks where 5G is mixed with older technologies. Such hybrid networks are expected to be common in the coming years as 5G gradually replaces previous generations. Attacks are possible due to flaws in the mapping between application and transport layer identifiers, allowing potential attackers to impersonate legitimate network functions in hybrid 5G environments.

Potential Attack Scenarios

If an attacker manages to compromise an operator’s edge network equipment, they could abuse 5G features to launch DoS attacks against other network segments or extract information from neighboring segments, including subscriber data like location. Researchers also warn that operator partners with access to certain network segments could misuse their privileges to attack other parts of the network.

Industry Response and Future Protection

AdaptiveMobile has already notified the 3GPP consortium (responsible for developing the 5G standard), the GSMA, and an industry group of mobile operators about these issues. Experts say that protecting against these attacks may require the development of major new features, which could be included in Release 17.

Release 17 (or Rel-17) is the upcoming version of the 5G standard, currently in development and expected to be released in mid-2022.