GTP’s role in transferring data in the core mobile infrastructure makes it a potential ideal attack vector. To understand the security features for GTP we need to understand the risks that might compromise this protocol. The business impact might vary in-between the different attacks from Denial of Service (DoS) attacks that hinders the capability of performing a legitimate operation due to resource starvation (for example - not being able to charge the customer for GPRS traffic use due to denial of service attack on the Charging GW) to remote compromise attacks that allows the hacker to have remote control of a critical device (for example – take control over a GGSN of PGW).
GTP-based attacks may have a wide range of business impact, based on the attacked devices’ vulnerability, ranging from service unavailability, compromise customer information, and gaining control over infrastructure elements, just to give a few examples.
Listed below are the main categories of GTP-based attacks:
- Protocol anomaly attacks are packets and packets formats that should not be expected on the GTP protocol. These can include malformed packets, reserved packets’ fields and types, etc.
- Infrastructure attacks are attempts to connect to restricted core elements, such as the GGSN, SGSN, SGW, PGW, ePDG, etc.
- Overbilling attacks results in customers charged for traffic they did not use or the opposite of not paying for the used traffic.