3G networks | Breaking Cybersecurity News | The Hacker News

High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive Technologies last week. "This paper encompasses the results of security assessments performed during the 2018–2019 timeframe on behalf of 28 telecom operators in Europe, Asia, Africa, and South America." Called the GPRS Tunnelling Protocol ( GTP ), the affected Internet Protocol (IP)-based communications standard defines a set of rules governing data traffic over 2G, 3G, and 4G networks. It also forms the basis for GPRS core network and its successor Evolved Packet Core ( EPC ), thus making it possible for users to keep connected to the Internet while moving from one place to the ot...

New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked, according to research from the University of Birmingham with collaboration from the Technical University of Berlin. Researchers said that standard off-the-shelf equipment, such as femtocells, could be used to exploit the flaw, allowing the physical location of devices to be revealed. The 3G standard was designed to protect a user's identity when on a given network. A device's permanent identity, known as International Mobile Subscriber Identity (IMSI) is protected on a network by being assigned a temporary identity called a Temporary Mobile Subscriber Identity TMSI. The TMSI is updated regularly while the 3G networks are supposed to make it impossible for someone to track a device even if they are eavesdropping on the radio link. Researchers have discovered that these methods can easily be sidestepped by spoofing an IMSI paging reques...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...