Gabriele Lieser
CUSTOMER SUCCESS MANAGER
Summary
As the dazzling new world of 5G approaches, there is a chance to address the flaws of a long-standing technology: GTP, the GPRS Tunneling Protocol. It is used to transmit user data and control traffic in 2G, 3G and 4G networks, and will also be used as part of 5G. MNOs would want to confirm that the GTP/IP traffic coming into the home network is associated with the visited networks correctly first. Thus, attacks over this protocol can be detected quickly and, more crucially, be prevented. Today, our tools already simplify and validate the configuration of every roaming network node to help MNOs block any unwanted or unauthorized traffic.
Ah, 5G, what promising associations it evokes in our brains in these exciting times of change. Ultrafast speeds, lower latency, higher connection density, increased bandwidth: a beautiful new world lays ahead. However, just like any system that has been built on top of another system, certain weaknesses are being dragged from one stage to the other. As with any complex telecoms protocol, it contains some flaws that can make it easier for attackers to gain access to user data, commit fraud and cause denial-of-service incidents. Disastrous effects can be the result for millions of subscribers, resulting in loss of revenue and churn. Additionally, there is the potential for disrupting connected IoT networks, such as hospitals, city infrastructures or critical industries like energy production or agriculture.
In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.
GTP and 5G stick together
Right now, 5G is mostly deployed in the non-standalone (NSA) model, where the 5G NR (New Radio) is rolled out but over the existing 4G/LTE EPC (Evolved Packet Core). This means that as long as we are dealing with this deployment model for 5G networks, the GTP protocol remains a vulnerability and attack vector. These security vulnerabilities need to be tackled because only MNOs who can steadily deliver high network performance can satisfy the expectations of their data-hungry subscribers.
GSMA Members have expressed concerns regarding these vulnerabilities as the GTP does not feature strong integrated security mechanisms. The results of their research are summarized in the FS.20 document “GTP security” which also serves as a guideline for protecting against attacks over GTP. According to their findings, GTP suffers from similar attacks as SS7 and Diameter, such as subscriber information disclosure, DoS (Denial of Service), network overload and fraud.
Major flaws of GTP
Its major flaw, and the main reason for successfully conducted attacks, lies in its inability to check the user’s location. It is not easy for network nodes in the home network to determine whether incoming traffic from a subscriber is legitimate, i. e. if the subscriber really could be roaming on the guest network. The default check of the subscriber identity on S-GW (Serving Gateway) or SGSN (Serving GPRS Support Node) is unsatisfactory.
Cross-protocol location tracking
This problem can be solved by cross-protocol location tracking to check the subscribers’ activity by using SS7 or Diameter. Ultimately, the roamed location is determined first by SS7 or Diameter signaling for registering in the visited network. They send the GTP details down to the visited network and the GTP tunnels are set up then. If a GTP/IP Firewall only looks at GTP traffic to determine if the packets from that visited network are valid and associated with an outbound roamer, then they need to correlate with SS7 or Diameter signaling. In order to detect attacks over this protocol quickly, MNOs would want to confirm that the GTP/IP traffic coming into the home network is associated with the visited networks correctly first, so configuration errors must be kept at bay.
Configuration errors – take a hike!
Some of the GTP’s security issues will prevail after the shift to 5G Standalone, though. In order to prevent attacks, transparency in traffic to the highest possible extent is key. Configuration errors must be avoided at any cost, especially considering the complexity of both LTE and 5G roaming networks. This is the first and most important task for the network and security team because attackers discover misconfigurations very quickly and exploit them to their benefit. As roaming partner configurations change over time, the validation and updates of these configurations is key to ensuring the doors and windows to your network are closed.
Room for improvement within the company
But not only technical reasons make fraud detection a challenge: sometimes, the cause of non-transparency and incoherent fraud prevention is embedded within the company. Sometimes, the team dealing with the core network and the team dealing with the equipment such as routers and firewalls is managed separately, and collaboration is unbudgeted.
Prevention is better than cure
Competition within the industry becomes increasingly vicious. Subscribers are not willing to endure and will swap quickly if network performance is unsatisfactory. Identifying dubious requests, reducing reaction time, building on fast “data trust indicators”, and instantly being able to block incidents can be a big leap forward to save considerable amounts of money and protect your network on a solid and consistent basis. That is why MNOs need to take swift and decisive measures to optimize GTP, both today as well as in view of the forthcoming 5G era. One thing is as sure as eggs is eggs: fraud will not disappear in the future as well as GTP won’t vanish either.
Validate your configurations
Already today, our tools simplify and validate the correct configuration of every roaming relevant network element. This helps MNOs to block any unwanted or unauthorized traffic with very little effort. It certainly is an easy-to-use application to increase efficiency, transparency, and enhance resource management, and we continuously optimize our applications to serve our customers even better. Likewise, we are increasingly keeping an eye on upgrading security aspects. Since we are experienced in developing the InfoCentre RAEX Tools application on behalf of the GSMA, our tools are fully compliant and can be most easily implemented and aligned to your specific requirements. Talk to us, we will listen to you.
Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.
“The team is a crucial asset”
It has been an exciting year for RoamsysNext. And as 2023 is coming to an end, we took the opportunity to talk with CEO Michael Grasmück about the past year, the growing team that becomes more and more international, and the comeback of an industry institution.
15 years of RoamsysNext – Driving Global Connectivity
RoamsysNext turns 15, so we talked with CEO Michael Grasmück about the anniversary, the early years, the move to Luxembourg and the future within the fast-developing roaming industry.
The new age of the IR.21 – Be ready for the full automation!
The new RAEX IR.21 schema will be released early 2023 with great changes coming that allow us to revolutionize the way we work with the IR.21 data.
Reporting at a glance: The RoamsysNext Dashboards
The RoamsysNext tools offer many reporting functionalities of which the dasboards play an important role. Learn more about using them in practice to identify bottlenecks, visualize your team's performance and bring a smile to your management's faces.
End-2-End-Automation with Network Configuration Optimizer
The RoamsysNext Network Configuration Optimizer is the perfect solution to make the shift from manual processing to more and more automated processing, with the option to move to full automation. Let's see how it works.
From Roamsys to RoamsysNext
Sixteen months ago, Roamsys relaunched and became RoamsysNext. Time to look back to a year we never expected to happen.
How to Stay Secure
What can MNOs do to stand up to the ever-growing tide of telecom fraud and protect their assets? Stay alert, use great tools, collaborate with other market players, and take the fight to the fraudsters.
Telecom Fraud Hurts
Telecom fraud is a rapidly growing area that has serious effects on national critical infrastructure (civil, healthcare, energy, agriculture...) and wider industrial processes.
The GSMA MISP – How Does it Help?
Malware information sharing and threat intelligence sharing has unbeatable benefits that make any caveats and challenges look small in comparison.
The Experts behind RoamsysNext Insights
RoamsysNext Insights has a growing fan base due to its substantial reports. With a wide variety of great information and exciting insights, they inspire beginners as well as professionals.
How to Treat 2G and 3G Closures without Becoming an Archivist?
As we are entering the era of 5G, legacy networks are in a state of flux and lose significance. This blog is about how the sunsetting of 2G and 3G networks will impact mobile communication.
How to Choose a Signaling Firewall Wisely
In times of global turbulences and increasing fraud attacks the decision for a sophisticated signaling firewall becomes more and more a priority. Some general considerations help to narrow down the choice.
Identity Fraud in Telecom
Identity fraud robs people of their virtual existence; it costs time, money and nerves. But there are countermeasures that help.
How to Tackle the Challenges in Combating Telecom Fraud
Telecom fraud can have dire effects on critical infrastructure and always causes painful loss of revenue. See how the industry's joint efforts tackle the challenges in combating telecom fraud.
Face the Breach: Rehearse an Emergency Before it Happens
In case of a breach, most companies are poorly prepared to take quick action. Have a look at some ideas on how to make the best of a difficult situation and save valuable time.
Working from Home during a Global Pandemic
Due to the broad introduction of remote working, businesses need to rethink their current cyber security measures and consider how they need to be adapted or further developed.
The Future of Roaming Trainings – An interview with Milja Hofman, CEO Roamingwise
Roamingwise is a well-known provider of roaming trainings, seminars and consultancy in a variety of international roaming topics. In our interview, CEO Milja Hofman reveals how she prepares professionals to drive the roaming world.
Historical Fraud Incidents and Lessons to be learned
In the course of history, no era is free from the practice of deception for personal benefit. Let’s have a look at what we can learn from historic fraud cases from ancient Greece to modern times.
Two-Factor Authentication rules!
For some time now, we have introduced 2FA and have contributed our share to provide more secure access to our tools. Norbert Becker, Head of Software Development, picks up the thread and provides engaging insights into his area of responsibility.
Introducing: The RoamsysNext Network Configuration Optimizer
Learn how the RoamsysNext Network Configuration Optimizer enables MNOs to switch safely to full automation and growing roaming revenues by providing effective and secure data management of all roaming related business information.
Introducing: The RoamsysNext Wholesale Roaming Manager
The RoamsysNext Wholesale Roaming Manager provides powerful collaboration and reporting tools for all roaming partner relationships by converging everything from service openings to the user’s roaming footprint, test SIM cards and tariffs, document and contact management.
Don’t fear the breach – three more ways to avoid configuration errors
Three ways to bliss: take bold measures to automate processes as much as you can, check your firewall’s security logs regularly and enforce centralized authentication mechanisms.
We’re in this together
In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.
Mastering today’s Fraud Landscape
Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).
How to avoid configuration errors
Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.
From customer request to feature
In our newest “RoamsysNext Insights”, David Houstek and Adrian von Wendt elaborate on our customer focused production processes.
Making a Stand against Fraud
In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).
Cyber security and fraud prevention – the GSMA approach
How does the GSMA approach cyber security, fraud detection and prevention? Look at the incredible useful tools and informations they provide with the Fraud and Security Group (FASG) and documents on best practice countermeasures.
How insecure GTP makes LTE and 5G networks vulnerable
GTP will still have an impact on 5G. Our tools can help to identify dubious requests faster, reduce reaction times and block incidents in a fraction of time.
How bad can it get? Signaling attacks strike the heart of each MNO
This blog is about how correct data is key to ensuring that mobile communication is of trustworthy origin, especially in case of signaling attacks. Notably, the roaming industry has to take action for data verification.
Grey Routes, Spam, Smish – funny words but nothing funny about SMS Fraud
SMS enjoys the reputation of being a safe channel for communication. But as any system, it is prone to abuse. We show you what needs to be done.
4 more Types of Telecom Voice Fraud MNOs are vulnerable to
Voice fraud is known as one of the top inter-carrier fraud cases, and in order to expose them, time and reliable data is crucial. This article shows that prevention is key to make sure that legitimate traffic is not obstructed.
Three Types of Telecom Voice Fraud that can destroy businesses
This issue shines a light on the variety of security breaches and fraud incidents: A cabinet of horrors.
Problems with telecom fraud? How big the issue really is. And how we can help
Fraud and security issues cause considerable problems within mobile network operators. But we are here to help.
Let’s talk about data quality
Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.