Security threat to IP less cellular phone - a brief survey

Security threat to IP less cellular phone - a brief survey Weiwei Hu Helsinki University of Technology [email protected]

Abstract With the development of modern society, more and more wireless communication techniques are used into people’s daily life. General Packet Radio Service (GPRS) and Enhanced Data rates for GSM Evolution(EDGE) are the most common services which offer people the data services via mobile networks. However, such technology is suffering serious security problems since the subscribers are increasing rapidly in recent years. This article focuses on several major security vulnerabilities which include air interface vulnerability, virus and malware. Also a number of efficient defense solutions are covered in this article.

Figure 1: Radio Network Structure

KEYWORDS: GPRS, EDGE, mobile security, wireless communications

1

Introduction

Mobile phones have been widely used in many countries in recent years. However, these phones clearly are not just used for conversations, as well as the information terminals for email, Web browser, and Internet services. They also enable people to not only chat, watch mobile TV and online movies, but also mobile internet games. Cellular phones are also used as credit cards and bus fares in some modern cities. All of those indicates the cellular phones are not only the phone we use to communicate anymore and become more and more irreplaceable . On the other hand, the issues of the illegal use of mobile phones are increasing, and there is a growing risk that e-mail addresses and other personal information can fall into the wrong hands.

2

Threats from Air Interface of Cellular Phone

The openness of the radio network structure decides the vulnerabilities of the cellular networks. BTS is the equipment which facilitates the wireless communication between user equipments and the network. All voice data and internet packets from/to mobile phone are sent/received via BTS. The security of interface between mobile phone and BTS is the most important topic inside wireless telecommunication system. Cellular phones are more vulnerable than regular phones because of differences of their data transmission technology. Inside cellular networks, cellular phones send radio frequency transmissions through the air on two distinct channels: one is for data communication and the other is for control signals. When a cellular phone power on, it emits a control signal which contains the identifier to a BTS. When BTS receives this control signal, it determine if requester is authorized by comparing user’s Mobile Identification Number (MIN) and Electronic serial number (ESN) with those inside cellular subscribe list. Once it is done, BTS sends a control signal to permit the subscribe to use data service. This pairing process is repeated whenever the cellular phone is powered on or transferred to another BTS. Most security issues occurs in that[2].

Most data services on cellular phones are based on GPRS and EDGE services. Fig. 1 shows the relationship between users’ cellular phones, Base Transceiver Station (BTS) and • other components inside radio access network. General Packet Radio Service (GPRS) /Enhanced Data rates for GSM Evolution (EDGE) are mean of medium to • access data services using cellular phone. Both GPRS and EDGE are the data network architecture which is designed to integrate with existing GSM networks and offer mobile subscribers packet switched data services to corporate net[6] works and the Internet.

Vulnerability to monitoring of conversations while using the phone. Vulnerability to "cloning": Phone number is used by others to make calls that are charged from this phone number account.

TKK T-110.5290 Seminar on Network Security

2.1

Vulnerability to Monitoring

Cellular phones are becoming a part of life for most of us. "You probably assume that when you make a phone call or make a internet connection through your own mobile phone, it’s private. But depending on the kind of phone you’re using, it may not be private at all. In fact, someone using the right technology might be listening in now", said CBS 2 News’ Lance Orozco[7]. All cellular phones are radio based transceivers. All data are sent/received to cellular phone through air. That means anyone with the right equipment can receive the user data. Any data you transferred from/to internet from cellular phone can be easily detected by someone using a radio network scanner. Although the digital cellular phone system is used nowadays and transmissions are scrambled for better protection, it is also possible for eavesdropper to buy a digital data interpreter which can work with the scanner radio and a PC. The digital data interpreter translates all the data between BTS and cellular phone from radio scanner and send those information to PC to find what the data is transferring[5]. As mentioned above, the pairing process occurs whenever the cellular phone is powered on or its BTS is changed. Therefore, the eavesdropper can simply wait for the target to leave and use scanner to detect the initial signal between cellular phone and BTS. In this case, all related information of the phone is recorded.

2.2

Vulnerability to Cloning

Cloning is the process that thieves interpret the electronic serial number (ESN) and mobile identification number (MIN)from phone signal and save those numbers into another Subscriber Identity Module (SIM) card and the SIM card is identical to the original owner. This is the equivalent of stealing a phone card. The principle of cloning is to use a scanner to monitor the control channel. The scanner captures the pairing information that is transferred from a cellular phone to a BTS and save those information into its memory. And thieves can use those information stored in memory to reproduce the same control channel signal and pretend to be a legal subscriber to make a connection. However, the cost will be charged from original users. In practice, cloning SIMs might be much simpler than what you thought. For example, one site explains how to use a home made SIM card reader costing 5 dollars connected to the serial port of your PC. Using a software like Simscan, you can read the IMSI and extract the Ki which can then be copied to another SIM.

2.3

2007-10-11/12

Counter Measures

A cellular phone polls the BTS with the strongest signal every few seconds. This is the way that network system can know which BTS is taking care of your cellular phone. But this polling causes the interpreting and cloning for the phone. So the best defence is "Turn Off the Phone". But if you must use the cellular phone, some simple countermeasure include:

• Turn cellular phone on only when you need it. Turn off the cellular phone after making a call. Don’t leave the cellular phone on all the time and use sms instead of making call. • Disable/Limiting "roaming" Check the functionalities of the cellular phone and check if the roaming function is enabled. The roaming function make the Personal Identification Numbers (PINs) useless. On the other hand, roaming function also bring some problems in using fraud-detection programs. For example, it cause the system impossible to shut down when fraud is detected. • Using Personal Identification numbers (PIN) Most cellular phone companies offers the PIN on their SIM card. This is an effective way to avoiding cloning although you have to input your PIN every time you power on your cellular phone[1]. • Review all bills Check your phone bills and check each connection. There are two kinds of clonings: common cloning and tumbling. Common cloning can be detected as it uses same ESN/MIN. The bill report shows hundreds even thousands bogus connections. And in tumbling, thieves use different ESN/MIN for each connection. The bill could display only one bogus connection or occasionally in some months. But the phone is still cloned.

3

Threats from Internet

First Mobile phone was born in 1978. During these twenty years, more and more functions are intergraded into our handset and mobile phone system becomes more and more complicated. From single thread/process phone which can only make call to the most advanced smart-phone which has multi-threads operating system, the security risks increase by the phone becomes complex. The number of security attacks against mobile phones have been increasing rapidly according to the statistic data from Juniper Research. The analyst firm has identified a raft of risks that can affect mobile users, including viruses and malware[3].

3.1

Threats from viruses

A mobile phone virus is a computer virus specifically adapted for the cellular environment and designed to spread from one vulnerable phone to another[9]. The first phone virus was verified on 2004 although the topic of mobile phone virus has been argued for several years. The worm, known as Cabir, is the first verified mobile phone virus which was created by a group from the Czech Republic and Slovakia called 29a, infects phones and devices running the Symbian operating system. The invention of Cabir is considered a "proof of concept", because it proves that a virus can be written for mobile phones, something that was once doubted.


2007-10-11/12

"It is a milestone in the timeline of viruses but technically is not that special," said Graham Cluley, a senior technology consultant at Sophos Anti-Virus. When the infected file is launched the mobile phone’s screen displays the word "Caribe". Every time the mobile phone is turned on, the worm will launch itself and scan the area for other phones to infect, sending a copy of itself to any it finds. The behavior of Cabir is exactly same as what a PC virus does. With more and more advanced technologies are coming such as 3G (the third generation) telecommunication technology, people can browse internet with more bitrate and bandwidth. And they Figure 3: a trend chart of mobile phone virus from 2004 to have become more inviting for attackers looking to spread 2006 (Source from F-Secure Ltd) viruses or steal information[4].

Figure 2: Increase in the number of known mobile virus families. (Source from F-Secure Ltd) Since first mobile virus was discovered, the number of mobile viruses is increasing dramatically. Fig. 2 shows the amount of virus family changes from 2004 to 2006.

3.2

Threats from malware

A report from McAfee said malware is hitting mobile device users around the world at increasing rates. A research from Informa Telecoms and Media found 83 percent of mobile operators surveyed have been suffered by mobile phone Figure 4: Mobile Malware (Source from "Mikko Hypponen, infections, and more than half of operators that have expe- Malware goes Moblile") rienced mobile malware outbreaks have had one within the last three months.

3.3 The malware data was collected between June 2004 and April 2006, Fig. 4 shows us the rapid growing malwares. The mobile phone is not secure anymore. Some of the malware disabled telephone functions, and some of it was spyware, a malicious mobile phone virus could also collect contact numbers and other private data stored on the handset, as well as sending those information out by internet connection or messages from the victim’s phone. "People need to take this seriously and in the same way as we protect our PCs, we need to protect our mobile phones," said Mr Piercy[4].

Best Practice for protect cellular phone from virus and malware

All of the major AntiVirus company like Mcafee and Norton offer antivirus software for phones in different platforms. This is the easiest way to protect the cellular phone from virus and malware. But if we compare those to PC virus and malware, the amount of threats on cellular phone is still in low level. Users can avoid mobile malware with some simple practices: Check your desktop system and ensure all host systems used to synchronize mobile devices are protected with updated antivirus software. The desktop system could fetch some infected applications before they are installed on the


2007-10-11/12

mobile device. [8] L. Tung. Trojan attack targets top executives. September 2007. Disable the Bluetooth feature on your mobile phone when it is not necessary. This could protect the phone from some type of malware and improve battery performance. When [9] WhatIs.com. Mobile phone security attacks on the rise. Bluetooth has to be on for some accessory, turn it to be undiscoverable. It cannot guarantee the safety of mobile phone system but it can provide some defence against attacker. The best practice is to turn it on when necessary and turn it off when it is not in use.

Figure 5: Some Protect software for mobile phone (Source from "Mikko Hypponen, Malware goes Moblile")

4

Conclusion

People have always been the weakest link when it comes to protecting computers. The same applies to mobile phones. There are vulnerabilities existing inside different systems. Just like the Symbian operating system for mobile phones is "fairly secure," F-Secure security expert Patrik Runald said[8]. Yet security is a problem. But if we can use our cellular phone more carefully, we can reduce the risks to as less as possible.

References [1] C. Agostino and F. Riccardo. Information flow security in mobile ambients. Electronic Notes in Theoretical Computer Science, 2001. [2] C. Gandhi. A review of security in mobile ad hoc networks. Institution of Electronics and Telecommunication Engineers, November/December 2006. [3] W. Head. Mobile phone security attacks on the rise. [4] B. News. First mobile phone virus created. [5] U. News. How o.j simpson was tracked in his bronco by los angles law enforcement. February 1995. [6] N. R. Organization. Just how secure is your cellular phone? November/December 1997. [7] L. Orozco. Cell phone spying, a cbs 2 news special assignment.