Tag the paid articles yo
Hmmm, how much were El Reg paid by Positive Tech to get its readers to hop on over and hand over their email addresses?
Either PT don’t understand the threat model for GTP, or they’re looking to sell some cruft. It’s a signalling and adaptation layer. It was never intended to provide security anymore than the Ethernet frames carrying my TLS packets to my banking app were.
If you’re using GTP over an insecure network you use IPSec. You don’t rewrite an entire spec (whilst clearly having little knowledge what it intends to and is required to accomplish). Jesus H chuffing Christ...
Believe me - the risk in telco ain’t GTP. You wanna pop some CNI go look at the management plane and see all the shitty home brew FTP, telnet, HTTP junk full of bugs.