|
|
|
The latest threat to your lifestyle: Cellphone security |
|
IT IS difficult to pinpoint the burden on mobile network operators of emerging handphone network security threats, but operators such as NTT DoCoMo in Japan have stated that they spent up to US$250mil on antispam measures and just recently, Maxis said they are investing RM3.5mil on antispam and antispoofing.
With two billion mobile phone users worldwide and SMS traffic tripling in many regions, 70% of phones sold in Asia Pacific by 2010, will be smartphones. 90% of people with corporate e-mail accounts will have an enterprise-run IM (instant messenger) account by 2009, as staying in touch while roaming leads to a 60% improvement in business productivity.
The mobile wireless revolution is clearly upon us, but are wireless applications secure? There are two principal sources of attacks to a mobile network: End terminals and Internet originated attacks.
End terminals include mobile handsets, PDA smartphones and laptops with mobile data cards, or the operator network, or operator content and application servers.
Mobile handsets commonly run off proprietary operating systems Symbian or Linux.
Threats can be worms, viruses, spyware, denial of service, or spam.
The ever increasing application base supported by these operating systems – SIP (Session Initiation Protocol) for VoIP, WAP for MMS, RTSP (Real Time Streaming Protocol) for video streaming – guarantee continually expanding vulnerability.
Applications for these devices are often written by independent software shops that distribute these as freeware, shareware or license ware, and consumers download them.
Operator controls to restrict or certify them have failed in the past, and a variety of applications – good, bad or ugly – are present in handsets.
The operator clearly needs to worry about potentially malicious or vulnerable applications getting onto a device through their network and then being used as a launchpad for attacks on their network, their application servers and their mobile users.
PalmOS, Symbian, and to some extent Pocket PC, are in the "Smartphone" space.
Typically there is slightly better regulation here, and if an enterprise provided these devices to users, the end user is less likely to "experiment" with application downloads.
But they carry applications such as web browsers and messaging applications (not to mention the base OS) that are vulnerable to attack.
The situation gets even more interesting for laptops as they can be infected when connected to their wireline LAN and then connect to the mobile network, propagating an attack.
There could be resident spyware, Trojans, viruses the user could have picked up from anywhere – work, hotspots, hotels — and once connected to the operators' network through a data card, this malware is free to roam across the spectrum.
Mobile attacks originating from the Internet are very similar to what we see in the wireline world — malicious hackers, hobby hackers, and even web or application servers infected with Trojans or worms.
There are three key nodes in operator networks that are subject to different threats: Internet Gateway Nodes — which are the gateways to the Internet from the mobile operators' internal network and which are subject to threats both from the Internet side as well as the terminal side; Charging Nodes-which contain sensitive charging-related information and are always an attractive target for criminals; and Content Servers — often running on Windows, Linux, or Solaris, that are vulnerable to attacks, as are the application servers and applications running on them.
Comprehensive protection against mobile attacks
Major threats to handsets, PDAs, laptops, from other mobile devices or from the Internet, can be effectively neutralised with integrated firewall/ IDP (intrusion detection and protection) solutions sitting in front of the Internet gateway, and in front of the path that is used to communicate between mobile devices.
But the IDP must have the signatures and anomalies to identify these attacks; and must be able to terminate any encrypted sessions originating from the mobile station while providing standard firewall and IDP protection.
For the Internet gateway – which in most cases also provides network roaming connectivity; integrated firewall with IDP can protect against terminal side attacks, with another positioned to protect the node from the Internet and partner networks.
The requirements are different depending on where they are positioned in the network.
For GPRS/3G, the solution needs to understand the GTP protocol which has a control plane and a user plane – the former used for signalling between the operator nodes and the latter for payload encapsulation originating from mobiles.
For Charging nodes, a stateful firewall can examine GTP protocol charging plane attacks while the firewalling and IDP functions take care of the rest.
Content servers that give hosted services and content to end subscribers usually have their addresses and host names known to the end station, and they are an attractive target for attackers.
The type of services these servers provide are often used in an attack as well.
For example, SIP servers are the target of vulnerabilities in the SIP protocol so firewall/IDP needs to be SIP-aware with protection against protocol anomalies and well known vulnerabilities.
IDP with a SIP ALG and extensive SIP signature database can provide comprehensive protection. A similar approach works for IM servers.
And well known chat protocols like MSN also need to be understood by firewall/IDP to protect these servers.
Submitted Date: Jul 19, 2007
Source: Malaysia Star
|
|
Suggestion about this article.
Report this article
|
|
|
|
News, Articles and Press Releases |
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
