GTP’s role in transferring data in the core mobile infrastructure makes it a potentially ideal attack vector. To understand the security features for GTP we need to understand the risks that might compromise this protocol. Attacks can include Denial of Service (DoS) attacks that reduce network performance through resource starvation, and remote compromise attacks that allow an outsider to gain remote control of a critical device (for example, taking control of a GGSN or PGW).
GTP-based attacks may have a wide range of business impact, depending on the attacked device’s vulnerability: service unavailability, compromise of customer information, and control over infrastructure elements, to give a few examples.
Listed below are the main categories of GTP-based attacks:
- Protocol anomaly attacks use packets and packet formats that should never appear on the GTP protocol. These can include malformed packets and the use of reserved packet fields and message types.
- Infrastructure attacks are attempts to connect to restricted core elements, such as the GGSN, SGSN, SGW, PGW, ePDG, etc.
- Overbilling attacks result in customers being charged for traffic they did not use or, conversely, not being charged for traffic they did use.
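The protocol-anomaly category above is the one a GTP firewall or IDS can check mechanically on every datagram. The following is an added example (not from the original text) of such a check for the GTPv1 header: it flags unexpected versions, a set reserved bit, the GTP' protocol-type bit on a GTP port, length mismatches, message types outside a per-plane allow-list, and a G-PDU with TEID 0. The allow-lists are a policy constructed for this example, not an exhaustive transcription of the 3GPP message tables.

```python
import struct
from typing import List

# Constructed per-plane allow-lists for this example (assumption: a deployment
# policy, not the complete set of message types defined by 3GPP).
GTP_C_TYPES = {1, 2, 16, 17, 18, 19, 20, 21}   # echo + PDP context management
GTP_U_TYPES = {1, 2, 26, 31, 254, 255}         # echo, error ind., ext hdr, end marker, G-PDU
GTPV1_FIXED_HEADER = 8


def check_gtpv1(packet: bytes, plane: str) -> List[str]:
    """Return the protocol-anomaly findings for one GTPv1 datagram.

    plane is "c" for GTP-C (UDP 2123) or "u" for GTP-U (UDP 2152).
    An empty list means the header passed every check.
    """
    findings = []
    if len(packet) < GTPV1_FIXED_HEADER:
        return ["truncated: shorter than the 8-byte mandatory header"]
    # Byte 0: version(3) | PT(1) | reserved(1) | E(1) | S(1) | PN(1)
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    version = flags >> 5
    if version != 1:
        findings.append(f"unexpected GTP version {version}")
    if not flags & 0x10:
        findings.append("protocol type bit 0 (GTP') seen on a GTP port")
    if flags & 0x08:
        findings.append("reserved header bit set")
    payload_len = len(packet) - GTPV1_FIXED_HEADER
    if length != payload_len:
        findings.append(f"length field {length} does not match payload {payload_len}")
    if flags & 0x07 and length < 4:
        findings.append("optional-field flag set but no room for the optional fields")
    allowed = GTP_C_TYPES if plane == "c" else GTP_U_TYPES
    if msg_type not in allowed:
        findings.append(f"message type {msg_type} not expected on GTP-{plane.upper()}")
    if plane == "u" and msg_type == 255 and teid == 0:
        findings.append("G-PDU carried with TEID 0")
    return findings


def build_gtpv1(msg_type: int, teid: int, payload: bytes = b"", flags: int = 0x30) -> bytes:
    """Build a minimal GTPv1 datagram (constructed test input; 0x30 = version 1, PT=1)."""
    return struct.pack("!BBHI", flags, msg_type, len(payload), teid) + payload


if __name__ == "__main__":
    # Constructed sample: a well-formed G-PDU and one with the reserved bit set.
    print(check_gtpv1(build_gtpv1(255, 0x1234, b"\x45" + b"\x00" * 19), "u"))
    print(check_gtpv1(build_gtpv1(255, 0x1234, b"\x45", flags=0x38), "u"))
```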