CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Mobile & Wireless

Next Generation Mobile Networks Come with Next Generation Security Threats

While Long Term Evolution (LTE) networks bring the promise of relieving traffic jams for mobile operators, they also entail new security risks.

While Long Term Evolution (LTE) networks bring the promise of relieving traffic jams for mobile operators, they also entail new security risks.

Three items caught my eye in Deloitte’s document TMT (Technology media, Telecommunication) predictions for 2013. According to Deloitte, one billion smartphones will be shipped in 2013; Long Term Evolution (LTE) subscribers will triple; and more than 90 percent of user-generated passwords will be vulnerable to hacking in a matter of seconds.

Put differently, mobile carriers will continue struggling with the data traffic generated by smartphones; LTE networks’ fast mobile broadband will assist handling the exploding traffic; and as for security – mobile operators will have to learn how to handle the new threats. New Advanced Persistent Threats (APT) are emerging and mobile carriers and mobile user will find themselves struggling with similar APTs that we see at Enterprises today.

LTE Mobile NetworkNevertheless, password vulnerability is only one of many security challenges operators must face with mobile networks.

Six Security Risk with Data-Rich Mobile Networks

LTE, also known as mobile network 4th generation (4G), provides a solid infrastructure to deliver advanced, content-rich applications in real-time. Here are six security challenges that must be addressed to take advantage of LTE’s speed.

Always-on connectivity. The always-on connectivity of mobile networks is a catalyst to new mobile multi-vector threats. Not only are the core elements targeted as potential attack victims, but customers and their device endpoints are also considered targets at any given moment.

All-IP networks. As an all-IP network, LTE provides a superior service experience. However, this also leaves the radio and core elements such as MME, SGW and eNodeB exposed to threats from the Internet and from end customers.

LTE architecture. LTE is designed to collect traffic from multiple heterogeneous access types to the LTE evolved packet core (EPC). Traffic may arrive from WiMax, Wi-Fi offload solutions, FEMTO cells, and from legacy 2.5G and 3G networks. All such external traffic may risk network availability.

Advertisement. Scroll to continue reading.

Mobile app stores. Mobile app stores provide over 600,000 different applications for a range of smart phones. A malware or bot attack on an app store can spread swiftly and attack multiple entities: end customer devices, the mobile operator network (via DDoS attacks, DNS and application-level attacks), and enterprise networks (using BYOD trends).

Application and protocols. The vast variety of applications and protocols to which LTE networks are exposed means that in addition to TCP- or HTTP-based attacks, other types of threats must be addressed – control-plane attacks such as SIP related attacks (SPAM over Internet Telephony), invite floods, DIAMETER attacks, signaling storms, AVP normalization, MMS attacks, and DNS attacks, etc.

Lack of security standards. The lack of security standards or the absence of reference architectural framework leaves LTE networks exposed to a variety of attacks with no ability to identify and mitigate evolving mobile threats.

Adopting a More Comprehensive Security Strategy

To protect the network from overload and declining quality of service, mobile operators should consider adopting a new security approach – one that provides full visibility into subscriber behavior and applications, and enables responding in real-time to both known and unknown attacks. Not a trivial task with millions of subscribers.

More specifically, such a security approach would involve several key characteristics:

Detection. The core of a solution requires identifying abnormal client activity beyond normal thresholds in order to block malicious actions. Each network source-based flow must be automatically scored and compared to a network baseline, using evaluation parameters such as average connection per user, per application, or per user agent; connection length; connection errors, and more. Moreover, reputation based engine can provide additional information during the detection phase by identifying bad reputation websites and known ‘Command & Control’ sites where mobile apps might be infected with malware and viruses; thus preventing from the mobile apps to access those malicious content.

Characterization and classification. Abnormal activity must then be characterized, while distinguishing between different customers and applications. Why? Because the abnormal activity of one type of user or application may be considered legitimate traffic for another customer or another application. One relevant technology for both detection and classification of behavior is fuzzy logic, as it enables drawing definite conclusions from ambiguous or imprecise information. It can eliminate false positives, and create an adaptive expert system that requires minimal human intervention for the configuration of rules. Additionally, suspicious mobile apps should run on virtual sandbox whenever a suspicious activity is encountered to validate the legitimacy of the application.

Mitigation. In the mobile network context, both known and unknown attacks can be expected. Known attacks are usually characterized by a well-defined content signature that can be used to remove the threat quickly. However, when the attack is unknown (zero-minute attack), no signature exists. To block the attack, the behavioral-based security solution should be able to automatically create an attack signature using the parameters of the ongoing anomaly, and enforce counter measure actions to accurately mitigate the attack, without impacting legitimate users.

For Long Term Evolution networks not to fall short on security, mobile operators must realize the increased threats from malware, fraud, distributed denial of service (DDoS) attacks and many other attacks, and adopt more comprehensive and innovative security strategies.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...