Carding 4 Carders
Professional
What is 5G-technological progress or a messenger of the cyber-apocalypse?
Fifth-generation (5G) networks and private 5G networks offer improved capabilities for various industries, providing high-speed connectivity and better security. The technology has attracted many new solution providers, including 5G core solutions. However, like any new technology, 5G has its own vulnerabilities that can cause serious problems for organizations that use the technology.
Trend Micro discovered vulnerabilities in the implementation of the Next Generation Application Protocol (NGAP), which is used to transmit control messages between the base station (gNodeB or gNB) and the 5G core. Problems with decoding messages in the protocol can cause network functions to fail, which in turn interrupts communication on the network.
Particular attention was drawn to the DoS vulnerability CVE-2022-43677 (CVSS: 5.5), which allows a hacker to cause a Denial of Service at the Control Plane through user hardware. The problem was partially resolved in May 2023, but Trend Micro specialists identified additional problems related to sending user messages.
A successful DoS attack on the core severely disrupts the connectivity of the entire network, which can have disastrous consequences in critical sectors such as defense, police, mining, and traffic management.
The attack was carried out through user hardware due to insufficient separation of the control and user levels (planes) of the network (Control and User Planes). Experts indicated that the interface is an ASN.1 was not reliable enough, and the control protocols used to analyze control plane messages were vulnerable to misformed messages.
The vulnerability was discovered in one of the most popular open-source implementations of the 5G core, called free5GC, which is used in commercial solutions by major core vendors for 5G networks. Exploiting existing bugs can lead to serious operational disruptions, financial and reputational losses, or even paralyze vital infrastructure for industries using 5G technologies.
To ensure the security of 5G networks, researchers recommend:
Fifth-generation (5G) networks and private 5G networks offer improved capabilities for various industries, providing high-speed connectivity and better security. The technology has attracted many new solution providers, including 5G core solutions. However, like any new technology, 5G has its own vulnerabilities that can cause serious problems for organizations that use the technology.
Trend Micro discovered vulnerabilities in the implementation of the Next Generation Application Protocol (NGAP), which is used to transmit control messages between the base station (gNodeB or gNB) and the 5G core. Problems with decoding messages in the protocol can cause network functions to fail, which in turn interrupts communication on the network.
Particular attention was drawn to the DoS vulnerability CVE-2022-43677 (CVSS: 5.5), which allows a hacker to cause a Denial of Service at the Control Plane through user hardware. The problem was partially resolved in May 2023, but Trend Micro specialists identified additional problems related to sending user messages.
A successful DoS attack on the core severely disrupts the connectivity of the entire network, which can have disastrous consequences in critical sectors such as defense, police, mining, and traffic management.
The attack was carried out through user hardware due to insufficient separation of the control and user levels (planes) of the network (Control and User Planes). Experts indicated that the interface is an ASN.1 was not reliable enough, and the control protocols used to analyze control plane messages were vulnerable to misformed messages.
The vulnerability was discovered in one of the most popular open-source implementations of the 5G core, called free5GC, which is used in commercial solutions by major core vendors for 5G networks. Exploiting existing bugs can lead to serious operational disruptions, financial and reputational losses, or even paralyze vital infrastructure for industries using 5G technologies.
To ensure the security of 5G networks, researchers recommend:
- Strictly regulate and manage the registration and use of SIM cards.
- Ensure a clear separation of control and user planes.
- Regularly update critical infrastructure nodes, as well as use multi-level security solutions that combine IT and communication security technologies to prevent unauthorized use of private networks and ensure the continuity and reliability of the industrial ecosystem.
