The introduction of next-generation technologies has made handsets the primary platform to perform a host of functions. This has resulted in an enormous amount of data being generated and transmitted over operator networks, thereby making them prone to privacy and security breaches. For instance, a hacker attack on France-based Orange Group’s network in 2014 resulted in the leaking and stealing of personal details of more than a million customers.

In recent years, telecom networks in India have also become a major target for hackers, putting at risk user-specific personal data and critical information including credit/debit card numbers. Further, the ready availability of information in data centres, mobile devices and cloud environments puts data security under the scanner while the new open telecom architecture is making it easier for hackers to breach networks and manipulate information. The number and usage of interconnected devices is also growing at a rapid pace in the country. These devices interact continuously with operator networks through services and applications, which makes them vulnerable to information theft.

Unfortunately, the majority of mobile network operators in India do not have visibility into malicious subscriber devices. Many international vendors believe that Indian telecom operators continue to induct imported and non-tested equipment into their networks, which poses a serious security hazard. Any disruption in the network signalling procedure, owing to a security breach, can result in an outage or a possible leakage of user data.

There have been cases where information security companies, while conducting random checks on operator networks, have found them to be extremely vulnerable, leaving their billing systems, backup servers, etc. at risk of being easily controlled due to weak passwords and flawed software and malware.

With the launch of 4G in India, such cases of security breach will only increase. According to telecom experts, data is comparatively more secure in 2G and 3G environments than in 4G, as security from the base station to the core and across the backhaul is not necessarily encrypted in the latter. 4G networks are believed to be more vulnerable to security attacks due to their open architecture and standards.

4G networks under threat

Currently, most service providers are directing their energy towards transitioning their networks from circuit-switched 3G technologies to fully IP-enabled, 4G end-to-end technologies. They are paying little heed to malicious activities that their networks may become subject to. There is a lack of awareness regarding the security threats associated with 4G, as these services are yet to gain mass scale. Barring Bharti Airtel, no other operator has launched 4G services on a big scale. Aircel’s service launch remains limited to a handful of cities in select circles. Since most operators are still planning their 4G deployments, the operational experience in this area remains limited, and thus, it is difficult to gauge the potential network threats at this point.

While devices will be the most vulnerable aspect of the 4G network, there will be several other external factors at play, which may put the security of 4G infrastructure in jeopardy. Hackers are likely to capitalise on the new wireless broadband attack surface, which is much larger than that of 3G. In the absence of aggressive countermeasures, criminal activities will end up consuming so much of 4G bandwidth that the user experience may end up being no better than that offered by 2G.

Data-capable smartphones and tablets, paired with large, wireless data pipes, are expected to attract significant attention from cybercriminal networks. 4G traffic is all-IP-based and travels directly from one mobile device to another within the wireless access point name, allowing for potential mobile-to-mobile attacks.

Aside from mobile malware, conventional attacks on operating systems will continue to be effective in the 4G space. This is because many devices such as desktops and laptops connect to wireless broadband through tethering, USB 4G sticks or 4G-enabled phones, which, in turn, offers an attack opportunity to hackers.

Another area that needs attention is the likely launch of voice over long term evolution (VoLTE) services. While operators will initially provide only data capacity on LTE, leaving voice to circuit-switched 3G networks, the arrangement will not be sustainable for long. Operators are likely to upgrade and migrate their networks to all digital as many of the applications in the internet of things will not function on legacy networks. This is also likely to result in the growth of malware and threats.

Mitigation strategies

As an increasing number of operators join the 4G bandwagon, the implementation of a robust strategy to protect 4G networks with multiple levels of security and authentication to protect data transmission across the network will become imperative.

In a bid to make LTE infrastructure more secure, operators must take steps to strengthen their nascent LTE infrastructure. To this end, they can design security into their LTE deployments. This will help in protecting 4G bandwidth from being used up for cybercriminal activities.

Taking proactive security measures would be beneficial for operators as these are easier to deploy and manage than post-roll-out solutions. Pre-planning security actions will decrease the instances of disruptions caused directly by an attack or indirectly due to the need to take infrastructure offline for security compliance. Security capabilities, when built into LTE, can offer significant savings for operators while ensuring robust infrastructure with a long life, which is also less prone to threats.