Attacks on 5G Infrastructure from User Devices: ASN.1 Vulnerabilities in 5G Core

Cyber Security Threat Summary:
In a recent report from TrendMicro, researchers delve into critical vulnerabilities and risks associated with 5G and its infrastructure. They take a particular focus on the control plane and the susceptibility of the NGAP protocol to ASN.1-related issues. The first part of the report reveals how GTP-U tunnels can be exploited by user devices, potentially leading to core network crashes. In the second part, the report discusses how attackers can leverage these vulnerabilities by disguising control messages as user traffic, resulting in the transition from the user plane to the control plane. The ramifications of these vulnerabilities are far-reaching, potentially causing operational disruptions, significant financial and reputational losses, and posing severe threats to vital infrastructure sectors that rely on 5G technologies. To address these concerns, the report provides recommendations for enhancing security, emphasizing the need for stringent access control, clear separation of control and data planes, and the responsible use of open-source software.

Security Officer Comments:
Vulnerabilities like this, when leveraged, allow attackers to disrupt network operations, potentially leading to outages and financial loss. Additionally, by disguising control messages as user traffic, attackers can infiltrate the control plane, enabling them to manipulate network components and potentially compromise data security. Such disruptions can also result in monetary and reputational damage as customers lose faith in the network's reliability. In critical sectors like defense, policing, and manufacturing, these vulnerabilities can have severe consequences, causing disruptions that lead to the production of faulty products and compromise the functionality of essential services. Furthermore, for organizations relying on private 5G networks, these vulnerabilities pose a risk of unauthorized access, potentially exposing sensitive data and compromising critical operations.

Suggested Correction(s):
TrendMicro recommends a multi-faceted approach to mitigate the vulnerabilities in 5G infrastructure. This includes strict access control to only allow trusted devices, a clear separation between the control and data planes to prevent unauthorized data access, responsible use of open-source software with prompt patching, and the use of Deep Packet Inspection (DPI) solutions that are aware of Cellular Technology (CT) specifications. Additionally, they advocate for layered security solutions like Trend Micro™ Mobile Network Security, which adds an extra layer of protection by ensuring authorized device usage and offering unified visibility and management for IT and CT security. These measures collectively enhance the security and resilience of 5G networks, safeguarding critical infrastructure and sensitive data from potential threats and attacks.