4G mobile networks are inherently less secure than 3G networks and other mobile protocols, security experts have warned
The UK will soon become the third largest 4G market in Europe, with nearly 8 million people connected, but with growing 4G adoption there are greater risks to privacy and personal data than ever before, experts warn.
A major new threat to mobile users comes from the switch to IP (Internet Protocol), according to security firm Cloudmark. 4G mobile networks are all-IP, whereas 3G networks are a combination of IP and mobile signalling protocols (SS7).
IP is much more open and well-known than the more obscure mobile protocols of the past, and has been successfully exploited by hackers for many years, opening up a number of potential threats.
For example, mobile operators will soon be launching new services on top of 4G, including voice and video conferencing. This means that hackers targeting the IP network could potentially gain access to your voice and video calls if they are not encrypted.
There could also be a huge increase in the sophistication and array of spam and phishing attacks, according to Cloudmark, offering hackers new methods to communicate such as through ‘video spam’ attacks.
“Hackers are generally well-versed in IP, so the attack surface is much greater than with the proprietary stuff,” said Neil Cook, chief technology officer at Cloudmark.
“A lot of people don’t realise that the SIM card in your phone is so much more secure than an internet-enabled service where you just use usernames and passwords that get compromised continuously.”
Cook claims that 4G is “inherently less secure” than previous mobile protocols. Before 4G, all voice and data traffic between the user’s device and the core of the network was encrypted and tightly-controlled by the mobile operator.
Now, with 4G technology, encryption is only mandatory over the main Radio Access Network (RAN). The ‘backhaul’ portion of the network is unencrypted by default, leaving it potentially vulnerable to hackers.
In Europe, where a lot of the mobile traffic travels over leased lines, most – but not all – operators do encrypt the backhaul traffic on their own networks, using a technology called IPsec.
UK mobile operators EE and O2 confirmed that they do provide IPsec encryption on the backhaul from all of their 4G cell sites. Vodafone and Three were contacted by The Telegraph but did not respond to a request for comment.
In the United States, it is common practice for operators to leave their backhaul traffic unencrypted, as most of the operators own their network infrastructure, so they are more confident it is secure.
“Many operators around the world, including some in Europe, have chosen to deploy 4G leaving the traffic between the core network and some or all of their cell sites un-encrypted,” said Patrick Donegan, senior analyst at Heavy Reading.
In order to gain access to unencrypted backhaul data, hackers would usually need to gain physical access to the network. Most mobile base stations are surrounded by a high fence, and are therefore well protected.
However, with increasing demand for ubiquitous connectivity, there has been an increase in the number of micro-cells located ontop of buildings and attached to lamp posts, making them much more accessible to attackers.
“You can get a micro-cell on a lamp post, for example, and if you weren’t encrypting that data then someone could take a tap off that,” said Cook. “You can also get signal boosters for your house now, so if someone was able to get physical access to that, it could be vulnerable.”
4G is also a key enabling technology for the ‘internet of things’, as it not only offers fast, reliable IP communication to devices that are required to be mobile, but it is also ideal as a replacement for wired internet connections in many cases.
Personal firewalls are commonly used to protect PCs, however there is currently not the same level of protection available to prevent your wristwatch, your car, your thermostat or your babycam from being broken into.
Cook said that one of the biggest risks is for consumers to use unencrypted services and apps. WhatsApp, for example, have been criticised in the past for having poor encryption, and other messaging apps have similar vulnerabilities.
In the future, instant messaging apps are set to become interoperable, so that instead of WhatsApp users only being able to message other Whatsapp users, they will be able to instant chat across different chat networks.
However, since any one mobile operator can only police its own environment, this could expose it to incoming malicious traffic from those among its partners they have poor security practices.
4G devices that have been infected with malware and are under the control of hackers could also become part of a ‘botnet’, and be used to conduct more advanced attacks, due to the increased bandwidth of 4G.
“If you’ve got devices that have been compromised they can be used to launch DDoS (Distributed Denial of Service) attacks,” said Cook. “On 3G that might not be so bad, but when you’ve got the much higher bandwidth of 4G, the potential effects of that can be much more devastating.”
Cook admits that it is difficult for consumers to know whether or not the mobile services they are using are encrypted. When using internet services, he recommends checking that the web address begins with HTTPS, but it can be less obvious with mobile apps.
“Consumers have to become more aware and demand encryption, because what guarantees do they have from all these apps they’re downloading?,” he said.
“They’ve got no idea about the capabilities or integrity of the people who run these apps. All the app stores do is check that they’re not malicious; they don’t check the financials of the companies, or what they’re doing with your personal data.”