smart-phone attacks and defenses discussion led by aaron isaki
TRANSCRIPT
Smart-Phone Attacks and Defenses
Discussion led by Aaron Isaki
Authors
Chuanxiong Guo Microsoft Research Helen J. Wang Microsoft Research Wenwu Zhu Microsoft Research
Asia
HotNets III
November, 2004
San Diego, CA
Definitions
Smartphone – Mobile device containing both cellular components and Internet access, with powerful computing components similar to those found on desktop PC’s.
Smartphone Operating Systems (OS) “covered” in this paper: Symbian, Windows Mobile/PocketPC, Palm, and embedded Linux.
Problem
Smartphones are interoperable between cellular networks and the Internet and have the potential to be dangerous conduits for threats from the Internet to the telecom infrastructure.
Bridging the Networks
Powerful Smartphone OSes
Provide access to cellular network with cellular standards such as GSM /CDMA and UMTS.
Access to the Internet with network interfaces such as infrared, Bluetooth, GPRS/CDMA1X, and 802.11; and use standard TCP/IP protocol stack to connect to the Internet.
Multi-tasking for running multiple applications simultaneously (except for Palm OS).
Data synchronization with desktop PCs. “Open” APIs for application development.
Increased Threat
Inevitable software vulnerabilities in complex OSes
Always-on vulnerability to Internet worms Smartphone user population likely to
exceed PC user population
History of Smartphone Attacks
Cabir, June 14, 2004 (Symbian OS worm)
Duts, July 17, 2004 (PocketPC virus) Mosquito dialer, August 6, 2004 (trojan
horse)
Cabir/Caribe Worm
Spread over Bluetooth Targeted Symbian Series 60 Proof of concept Messagebox payload, replication bug
drastically limited spreading
Cabir/Caribe
Duts
Proof of concept code Hand-written assembly for ARM
processors “This is proof of concept code. Also, i
wanted to make avers happy. The situation when Pocket PC antiviruses detect only EICAR file had to end ...”
Main Contribution
Presents a high-level outline of several attacks using smartphones on the telecom network
Telecom network was relatively safe Widespread convergence of Internet and
telecom networks on a single device increases threat to telecom networks
Main Ideas
Smartphones are the common link for the Internet and telecom networks.
Smartphones are portable computers and can be subverted to launch attacks on previously secure telecom networks.
Existing attacks that were successful on the Internet would cause much more damage and cost end users more.
Compromising Smartphones
“Attacks from the Internet” – viruses, trojans, or worms spread “the same way as PCs”
Infection from compromised PC during data synchronization
Peer smart-phone attack or infection (via Bluetooth or WiFi)
Malformed SMS text message [?]
Compromised Smartphone Attacks on Telecom Network
Base Station DoS Using eight smartphones for each GSM
carrier frequency can tie up a GSM base station
Call other phones, but do not answer the incoming call (to avoid being charged)
Ties up a time slot on each end for a minute, exhausting radio resources
Compromised Smartphone Attacks on Telecom Network
Call Center DDoS Using victims’ phones to remotely and
automatically place calls Significant numbers of zombie
smartphones would be needed to reach a cellular switch’s limited Busy Hour Call Attempts (BHCA) value
Compromised Smartphone Attacks on Telecom Network
Spam SMS Junk or marketing messages sent through
SMS Abundant SMS packages make it possible
to slip past owner’s notice “Good incentive to compromise
smartphones”
Compromised Smartphone Attacks on Telecom Network
Identity Theft and Spoofing Smartphones allow remote reading of SIM
card data International Mobile Subscriber Identity,
SMS history, and stored numbers the target
Attacker can use stolen identity
Compromised Smartphone Attacks on Telecom Network
Remote Wiretapping Passively record the conversations of their
owners Report back to spies Encrypt and tunnel the conversation with
other Internet traffic
Defenses
Smartphone Hardening Internet Side Protection Telecommunication Side Protection Cooperations between the Internet and
Telecom Networks
Smartphone Hardening
Attack Surface Reduction Turn off features not in use
OS Hardening Always display callee’s number Light up LCD display when dialing Export only security enhanced APIs to
applications Attacking actions should be easily
detectable by the smartphone user
Smartphone Hardening
Hardware hardening SIM Toolkit (STK) – API to securely load
applications to the SIM STK allows operator to provision services
directly to the SIM Combine STK and TCG’s Trusted Platform
Module (TPM) for hardware hardening
Internet Side Protection
Rigorous software patching Vulnerability-driven network traffic
shielding Smartphone ISPs (GPRS or CDMA)
should restrict Internet access unless devices are fully patched
Telecommunication Side Protection
Telecom traffic is highly predictable and well-managed (voice or SMS traffic only)
Abnormal blocking rates of base station or switch (DoS attack)
Abnormally high call-center load Abnormal end-user behavior
Telecommunication Side Protection Detecting abnormal end-user behavior will
require in-depth analysis Junk SMS messages can be detected the same
way as spam e-mail Methods exist to trace and limit smartphones
effectively Very expensive to put defenses into various
parts of telecom infrastructure Only a handful of telecom carriers, easy to
coordination between them
Cooperation between the Internet and Telecom Networks
Exchange known vulnerability and attack information to reduce vulnerable services
Advance knowledge of an attack on the other network can be passed along
Telecom’s blacklisted smartphones can be added to ISPs blacklists
Differentiating smartphones and other 802.11 clients
Assign unique IDs to all Internet wireless endpoints, creating a mapping between SIM IDs and Internet wireless IDs
Design smartphones to submit SIM IDs to APs for authentication
Modem-Equipped or VoIP-Enabled PCs
These PCs cannot access both networks simultaneously?
VoIP PCs lack SIM cards, so they cannot be spoofed
VoIP PCs send traffic through an IP-to-PSTN switch, which can limit rates
Smartphones are more popular?
Interoperation breaks design assumptions Telecom networks have dumb terminals
and intelligent networks The Internet is a dumb network with
smart endpoints The attacks listed were possible when
combining the smart endpoints with intelligent networks
Security must be considered before connecting any hardware to the Internet
Conclusions
Imminent danger of smartphone attacks against telecom infrastructure (privacy issues, identity theft, DoS)
Outlined some defense strategies Urge system architects to pay attention
to insecurity of the Internet when connecting new peripherals
Questions Left Open
With constant Internet available to smartphones today, how is this threat model changed?
Is Symbian Signed and Windows Mobile signed an effective countermeasure?
My thoughts
Paper was very light on details, perhaps to protect smartphone users?
What about smartphones attacking other smartphones or Internet sites?
Smartphone bandwidth now hundreds of times greater than when the paper was written
Greater threat posed by VoIP, which connects to the telecom network as well, but has less restrictions on what those computers can do.
Many more smartphones available, but much fewer viruses reported. Smartphone security doing its job?
My thoughts continued
Smartphone “Hardening” section was very weak. Code-signing with certificates now used
Clients today may run multiple SIM cards, or they could also swap them between multiple smartphones
Users would notice when their batteries died quickly or their bills came in
Smartphone Viruses evolve
2006 – Redbrowser.A Java Midlet sends SMS messages to a pay number while pretending to give free Internet over SMS (abusing J2ME)
Commercial Smartphone Spyware
Flexispy Hides from process list, no icon or UI Records details of voice calls, SMS
messages, GSM location info Hidden UI via special code Signed via Symbian Signed so no user
prompts
Flexispy Installation
Questions