smart-phone attacks and defenses discussion led by aaron isaki
TRANSCRIPT
![Page 1: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/1.jpg)
Smart-Phone Attacks and Defenses
Discussion led by Aaron Isaki
![Page 2: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/2.jpg)
Authors
Chuanxiong Guo Microsoft Research Helen J. Wang Microsoft Research Wenwu Zhu Microsoft Research
Asia
HotNets III
November, 2004
San Diego, CA
![Page 3: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/3.jpg)
Definitions
Smartphone – Mobile device containing both cellular components and Internet access, with powerful computing components similar to those found on desktop PC’s.
Smartphone Operating Systems (OS) “covered” in this paper: Symbian, Windows Mobile/PocketPC, Palm, and embedded Linux.
![Page 4: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/4.jpg)
Problem
Smartphones are interoperable between cellular networks and the Internet and have the potential to be dangerous conduits for threats from the Internet to the telecom infrastructure.
![Page 5: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/5.jpg)
Bridging the Networks
![Page 6: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/6.jpg)
Powerful Smartphone OSes
Provide access to cellular network with cellular standards such as GSM /CDMA and UMTS.
Access to the Internet with network interfaces such as infrared, Bluetooth, GPRS/CDMA1X, and 802.11; and use standard TCP/IP protocol stack to connect to the Internet.
Multi-tasking for running multiple applications simultaneously (except for Palm OS).
Data synchronization with desktop PCs. “Open” APIs for application development.
![Page 7: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/7.jpg)
Increased Threat
Inevitable software vulnerabilities in complex OSes
Always-on vulnerability to Internet worms Smartphone user population likely to
exceed PC user population
![Page 8: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/8.jpg)
History of Smartphone Attacks
Cabir, June 14, 2004 (Symbian OS worm)
Duts, July 17, 2004 (PocketPC virus) Mosquito dialer, August 6, 2004 (trojan
horse)
![Page 9: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/9.jpg)
Cabir/Caribe Worm
Spread over Bluetooth Targeted Symbian Series 60 Proof of concept Messagebox payload, replication bug
drastically limited spreading
![Page 10: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/10.jpg)
Cabir/Caribe
![Page 11: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/11.jpg)
Duts
Proof of concept code Hand-written assembly for ARM
processors “This is proof of concept code. Also, i
wanted to make avers happy. The situation when Pocket PC antiviruses detect only EICAR file had to end ...”
![Page 12: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/12.jpg)
Main Contribution
Presents a high-level outline of several attacks using smartphones on the telecom network
Telecom network was relatively safe Widespread convergence of Internet and
telecom networks on a single device increases threat to telecom networks
![Page 13: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/13.jpg)
Main Ideas
Smartphones are the common link for the Internet and telecom networks.
Smartphones are portable computers and can be subverted to launch attacks on previously secure telecom networks.
Existing attacks that were successful on the Internet would cause much more damage and cost end users more.
![Page 14: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/14.jpg)
Compromising Smartphones
“Attacks from the Internet” – viruses, trojans, or worms spread “the same way as PCs”
Infection from compromised PC during data synchronization
Peer smart-phone attack or infection (via Bluetooth or WiFi)
Malformed SMS text message [?]
![Page 15: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/15.jpg)
Compromised Smartphone Attacks on Telecom Network
Base Station DoS Using eight smartphones for each GSM
carrier frequency can tie up a GSM base station
Call other phones, but do not answer the incoming call (to avoid being charged)
Ties up a time slot on each end for a minute, exhausting radio resources
![Page 16: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/16.jpg)
Compromised Smartphone Attacks on Telecom Network
Call Center DDoS Using victims’ phones to remotely and
automatically place calls Significant numbers of zombie
smartphones would be needed to reach a cellular switch’s limited Busy Hour Call Attempts (BHCA) value
![Page 17: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/17.jpg)
Compromised Smartphone Attacks on Telecom Network
Spam SMS Junk or marketing messages sent through
SMS Abundant SMS packages make it possible
to slip past owner’s notice “Good incentive to compromise
smartphones”
![Page 18: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/18.jpg)
Compromised Smartphone Attacks on Telecom Network
Identity Theft and Spoofing Smartphones allow remote reading of SIM
card data International Mobile Subscriber Identity,
SMS history, and stored numbers the target
Attacker can use stolen identity
![Page 19: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/19.jpg)
Compromised Smartphone Attacks on Telecom Network
Remote Wiretapping Passively record the conversations of their
owners Report back to spies Encrypt and tunnel the conversation with
other Internet traffic
![Page 20: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/20.jpg)
Defenses
Smartphone Hardening Internet Side Protection Telecommunication Side Protection Cooperations between the Internet and
Telecom Networks
![Page 21: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/21.jpg)
Smartphone Hardening
Attack Surface Reduction Turn off features not in use
OS Hardening Always display callee’s number Light up LCD display when dialing Export only security enhanced APIs to
applications Attacking actions should be easily
detectable by the smartphone user
![Page 22: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/22.jpg)
Smartphone Hardening
Hardware hardening SIM Toolkit (STK) – API to securely load
applications to the SIM STK allows operator to provision services
directly to the SIM Combine STK and TCG’s Trusted Platform
Module (TPM) for hardware hardening
![Page 23: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/23.jpg)
Internet Side Protection
Rigorous software patching Vulnerability-driven network traffic
shielding Smartphone ISPs (GPRS or CDMA)
should restrict Internet access unless devices are fully patched
![Page 24: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/24.jpg)
Telecommunication Side Protection
Telecom traffic is highly predictable and well-managed (voice or SMS traffic only)
Abnormal blocking rates of base station or switch (DoS attack)
Abnormally high call-center load Abnormal end-user behavior
![Page 25: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/25.jpg)
Telecommunication Side Protection Detecting abnormal end-user behavior will
require in-depth analysis Junk SMS messages can be detected the same
way as spam e-mail Methods exist to trace and limit smartphones
effectively Very expensive to put defenses into various
parts of telecom infrastructure Only a handful of telecom carriers, easy to
coordination between them
![Page 26: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/26.jpg)
Cooperation between the Internet and Telecom Networks
Exchange known vulnerability and attack information to reduce vulnerable services
Advance knowledge of an attack on the other network can be passed along
Telecom’s blacklisted smartphones can be added to ISPs blacklists
![Page 27: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/27.jpg)
Differentiating smartphones and other 802.11 clients
Assign unique IDs to all Internet wireless endpoints, creating a mapping between SIM IDs and Internet wireless IDs
Design smartphones to submit SIM IDs to APs for authentication
![Page 28: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/28.jpg)
Modem-Equipped or VoIP-Enabled PCs
These PCs cannot access both networks simultaneously?
VoIP PCs lack SIM cards, so they cannot be spoofed
VoIP PCs send traffic through an IP-to-PSTN switch, which can limit rates
Smartphones are more popular?
![Page 29: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/29.jpg)
Interoperation breaks design assumptions Telecom networks have dumb terminals
and intelligent networks The Internet is a dumb network with
smart endpoints The attacks listed were possible when
combining the smart endpoints with intelligent networks
Security must be considered before connecting any hardware to the Internet
![Page 30: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/30.jpg)
Conclusions
Imminent danger of smartphone attacks against telecom infrastructure (privacy issues, identity theft, DoS)
Outlined some defense strategies Urge system architects to pay attention
to insecurity of the Internet when connecting new peripherals
![Page 31: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/31.jpg)
Questions Left Open
With constant Internet available to smartphones today, how is this threat model changed?
Is Symbian Signed and Windows Mobile signed an effective countermeasure?
![Page 32: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/32.jpg)
My thoughts
Paper was very light on details, perhaps to protect smartphone users?
What about smartphones attacking other smartphones or Internet sites?
Smartphone bandwidth now hundreds of times greater than when the paper was written
Greater threat posed by VoIP, which connects to the telecom network as well, but has less restrictions on what those computers can do.
Many more smartphones available, but much fewer viruses reported. Smartphone security doing its job?
![Page 33: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/33.jpg)
My thoughts continued
Smartphone “Hardening” section was very weak. Code-signing with certificates now used
Clients today may run multiple SIM cards, or they could also swap them between multiple smartphones
Users would notice when their batteries died quickly or their bills came in
![Page 34: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/34.jpg)
Smartphone Viruses evolve
2006 – Redbrowser.A Java Midlet sends SMS messages to a pay number while pretending to give free Internet over SMS (abusing J2ME)
![Page 35: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/35.jpg)
Commercial Smartphone Spyware
Flexispy Hides from process list, no icon or UI Records details of voice calls, SMS
messages, GSM location info Hidden UI via special code Signed via Symbian Signed so no user
prompts
![Page 36: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/36.jpg)
Flexispy Installation
![Page 37: Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki](https://reader036.vdocuments.mx/reader036/viewer/2022062320/56649cff5503460f949d0088/html5/thumbnails/37.jpg)
Questions