Firewall maker says Diameter signalling has some of the same vulnerabilities as SS7.
Telcos are racing to deploy 5G networks without paying due consideration to securing signalling networks, warned Evolved Intelligence on Thursday.
South Korea aims to have pre-standard 5G networks up and running in time for the 2018 Winter Olympics, while Japan has similar ambitions for the 2020 Summer Olympics.
"I understand the commercial targeting of big events for new technology, but it will put the operators in a vulnerable position if they launch 5G networks without the right level of security," said Peter Blackie, co-founder and commercial director of Evolved Intelligence.
It is worth noting that Evolved Intelligence sells firewalls for signalling networks, so it is in the company’s commercial interest to draw attention to security weaknesses in said networks.
That said, security problems with the Signalling System 7 (SS7) protocol, used to interconnect 2G and 3G mobile networks, were laid bare in May, when O2 Germany revealed that attackers were able to intercept two-factor (2FA) authentication codes sent in text messages to banking customers. This allowed the attackers to withdraw funds from the victims’ accounts.
5G networks won’t use SS7, but will instead use the Diameter signalling protocol, which handles signalling messages carried over IP-based networks.
According to Blackie, Diameter also has similar security issues to SS7.
"The technology underpinning Diameter will be more familiar to IT and computer hackers than the telecoms technology used in SS7," he warned.
He said it is vital that the industry ensures "that signalling security in 4G and 5G networks gets the attention it requires, and that we do not repeat the mistakes of the past."
"Making 5G a reality" – Join the panel discussion at this years’ Total Telecom Congress taking place in London on the 31 October – 1 November 2017. To book you place visit the website or to discuss participation options, call Chris Sedgwick on +44 (0)207 092 1187