Freely subscribe to our NEWSLETTER

T-Mobile last week revealed that it had suffered a security breach in early January that compromised the data of 37 million customers. The hacker exploited an unprotected Application Programming Interface (API) to breach T-Mobile’s network and obtain a range of customer data, including addresses, phone numbers and dates of birth. In a statement, the operator said that its systems and policies prevented the most sensitive customer information – including financial data - from being accessed.

Commenting on the incident, Kurbatov said, “The T-Mobile breach is a timely reminder for mobile operators to have in place robust, wide-ranging cyber-security measures that monitor and safeguard every aspect of their networks and which protect their customers as well.”

“When it comes to protecting APIs, there are basic steps to follow,” he continued. “They include ensuring that all API calls are properly authenticated and authorized: validating all input data received by the API to ensure that it is in the correct format and does not contain any malicious code: limiting the amount of data exposed through a single API: and regularly testing APIs for vulnerabilities and security weaknesses.”

Kurbatov went on to explain why hackers target mobile operators. “Operators generate large revenues, serve millions of customers, and store and carry enormous volumes of data. It’s these factors that make them high-value targets for hackers and cyber criminals,” he said.

Last week’s news follows a similar incident in August 2021 when a hacker accessed the data of 7.8 million T-Mobile customers plus over 70 million former and prospective customers. Following the breach, the operator incurred a USD$350 million fine from the FCC and also agreed to spend USD$150 million to enhance its cyber-security. T-Mobile has also been the target for high-profile cyberattacks in 2020, 2019 and 2018.

“Even in instances such as this when no highly sensitive data is compromised, history tells us that the loss of personal information to a cyberattack undermines customers’ trust in their operator. Data theft is costly to operators - both in terms of damage to their brand and the legal fees they have to pay,” said Kurbatov.

Kurbatov continued, “Telecom security is an ongoing process that requires constant vigilance. Operator security teams must continually update their processes and policies to confront current risks and threats - and also prepare for new ones that are emerging with the growth of 5G and the ecosystems of third parties working together on 5G products and services. Because 5G networks provide an expanded range of services and connect an expanded number of devices, they offer an expanded attack surface for hackers to exploit.”

Earlier this month, SecurityGen shared its top cyber-security challenges for mobile operators for the coming year, including 5G’s vulnerability to attack.

“5G’s open architecture enables easy integration with other systems and technologies – but this also leaves 5G vulnerable and exposed to new threats and hidden vulnerabilities,” Kurbatov explained. “Operators also need to be wary of roaming traffic from non-standalone 5G and legacy networks. Although these threats originate from non-5G networks, they are still able to damage and disrupt 5G services.”

Other leading threats for operators identified by SecurityGen include cyberattacks from hostile states and organized crime groups and advanced ransomware attacks. SecurityGen is also calling for greater industry collaboration to encourage knowledge-sharing and to solve the current cyber-security skills shortage.