London, UK - 10 August 2023 -
Mobile operators need to reassess security
vulnerabilities in the key GTP (GPRS Tunnelling Protocol) protocol and bolster GTP security within their
networks as they continue to invest in and roll out 5G, according to
a new study by SecurityGen
global provider of security solutions and services for the telecom industry.
SecurityGen’s latest report titled - GTP
vulnerabilities: A cause for
concern in 5G and LTE networks.
based on 150 telecom security assessments of 39 live mobile networks during 2022 and
2023, found that nearly 77 per cent of networks had no cyber-security measures in place against
GTP-based attacks. Only 23 per cent had a high level of cyber-security measures to keep successful
GTP-based test attacks to a minimum.
“Despite its widespread use, the GTP mobile network protocol is not entirely secure and opens up
opportunities for attackers to intercept sensitive user data, engage in fraudulent activities, or
disrupt network services,” said Dmitry Kurbatov, co-founder and CTO of SecurityGen. “As we explored and
examined GTP’s security vulnerabilities, it became apparent that the protocol requires in-depth
consideration and robust mitigation strategies to block the potential threats more so in the 5G set-up.”
The study is based on the results of over 150 telecom security assessments by SecurityGen during the
last 12 months involving 39 mobile operators in 24 countries across the SEA, LATAM, and MEA regions. It
highlights the most critical GTP-related threats to raise awareness among mobile operators and
stakeholders of the hidden vulnerabilities within the protocol.
The SecurityGen assessments found that all of the tested networks exhibited some vulnerabilities in
their management of the GTP protocol:
- In 71 per cent of networks assessed, GTP-based test attacks on
subscriber information disclosure were successful Which can be used to impact
subscribers, perform other attacks, target other interfaces, radio interfaces and OS and network
- 62 per cent of networks assessed were vulnerable to fraudulent
activity involving the GTP protocol.
- 85 per cent of networks were susceptible to targeted attacks on
subscribers aimed at impeding or completely interrupting the functionality of data
- 46 per cent were vulnerable to network equipment
denial-of-service attacks. Using this vulnerability, an attacker can simultaneously
hinder network (Internet) connection for individual subscribers and many users via network
- User traffic interception was successful in 69 per
cent of the networks tested. By exploiting this vulnerability, an attacker can
direct all incoming traffic to their equipment by altering the nodes that process the user
“Throughout our assessments, we were surprised that not a single network was protected with a GTP
firewall. Even when mobile operators claimed to have a GTP firewall deployed, we could carry test
attacks successfully, as there was no functional GTP firewall in place,” commented Kurbatov. “This
suggests that either the GTP firewall was not actively operational, or its filtering rules were not
correctly configured or enabled.”
“Some mobile operators employ IP address filtering from non-roaming partners to incoming
traffic as a counter-measure – however, our simulated test attacks were still able to bypass this
technique. The deployment of a fully functional GTP firewall could significantly improve these
statistics and provide more robust protection against potential threats. Adopting advanced GTP firewall
solutions undoubtedly enhances the overall security of mobile networks and protects them against
multiple GTP attack vectors.”
Kurbatov continued, “The interconnected nature of 3G, 4G, and now 5G mobile networks across different
generations amplify the risks posed by GTP security vulnerabilities. Our research highlighted a worrying
lack of robust security measures across a significant proportion of the mobile networks we examined.
Despite ongoing efforts by the GSMA and individual mobile operators since 2017, we found that
comprehensive cyber-security measures are still not in place for the most part.
“The increasingly vital role of mobile technology in nearly every aspect of how we live and work means
that operators must regard effective cyber-security measures and policies that protect their networks
and mobile users as a commercial and operational priority. This includes a comprehensive GTP protection
strategy encompassing deployment of functional GTP firewalls, the application of GSMA-recommended
protections, the integration of intrusion detection systems, and the regular monitoring of all network
communication interfaces,” added Kurbatov.
“The findings of this study should serve as a wake-up call that spurs operators and the wider telecoms
industry to take action necessary to secure our interconnected digital future.”
The SecurityGen White Paper, the title - GTP vulnerabilities: A cause for concern in 5G and LTE
Founded in 2022, SecurityGen is a global company focused on telecom security. We deliver a solid
security foundation to drive secure telecom digital transformations and ensure safe and robust
network operations. Our extensive product and service portfolio provides complete protection against
existing and advanced telecom security threats.