Smart-Phone Attacks and Defenses
Discussion led by Aaron Isaki
Authors
Chuanxiong Guo
Helen J. Wang
Wenwu Zhu
HotNets III
November, 2004
San Diego, CA
Microsoft Research
Microsoft Research
Microsoft Research Asia
Definitions
Smartphone – Mobile device containing
both cellular components and Internet
access, with powerful computing
components similar to those found on
desktop PCs.
Smartphone Operating Systems (OS)
“covered” in this paper: Symbian,
Windows Mobile/PocketPC, Palm, and
embedded Linux.
Problem
Smartphones are interoperable between
cellular networks and the Internet and
have the potential to be dangerous
conduits for threats from the Internet to
the telecom infrastructure.
Bridging the Networks
Powerful Smartphone OSes
Provide access to cellular network with cellular
standards such as GSM/CDMA and UMTS.
Access to the Internet with network interfaces
such as infrared, Bluetooth, GPRS/CDMA1X,
and 802.11; and use standard TCP/IP protocol
stack to connect to the Internet.
Multi-tasking for running multiple applications
simultaneously (except for Palm OS).
Data synchronization with desktop PCs.
“Open” APIs for application development.
Increased Threat
Inevitable software vulnerabilities in
complex OSes
Always-on vulnerability to Internet worms
Smartphone user population likely to
exceed PC user population
History of Smartphone Attacks
Cabir, June 14, 2004 (Symbian OS
worm)
Duts, July 17, 2004 (PocketPC virus)
Mosquito dialer, August 6, 2004 (trojan
horse)
Cabir/Caribe Worm
Spread over Bluetooth
Targeted Symbian Series 60
Proof of concept
Messagebox payload, replication bug
drastically limited spreading
Cabir/Caribe
Duts
Proof of concept code
Hand-written assembly for ARM
processors
“This is proof of concept code. Also, i
wanted to make avers happy. The
situation when Pocket PC antiviruses
detect only EICAR file had to end ...”
Main Contribution
Presents a high-level outline of several
attacks using smartphones on the
telecom network
Telecom network was relatively safe
Widespread convergence of Internet and
telecom networks on a single device
increases threat to telecom networks
Main Ideas
Smartphones are the common link for
the Internet and telecom networks.
Smartphones are portable computers
and can be subverted to launch attacks
on previously secure telecom networks.
Existing attacks that were successful on
the Internet would cause much more
damage and cost end users more.
Compromising Smartphones
“Attacks from the Internet” – viruses,
trojans, or worms spread “the same way
as PCs”
Infection from compromised PC during
data synchronization
Peer smart-phone attack or infection (via
Bluetooth or WiFi)
Malformed SMS text message [?]
Compromised Smartphone
Attacks on Telecom Network
Base Station DoS
Using eight smartphones for each GSM
carrier frequency can tie up a GSM base
station
Call other phones, but do not answer the
incoming call (to avoid being charged)
Ties up a time slot on each end for a
minute, exhausting radio resources
Compromised Smartphone
Attacks on Telecom Network
Call Center DDoS
Using victims’ phones to remotely and
automatically place calls
Significant numbers of zombie
smartphones would be needed to reach a
cellular switch’s limited Busy Hour Call
Attempts (BHCA) value
Compromised Smartphone
Attacks on Telecom Network
Spam SMS
Junk or marketing messages sent through
SMS
Abundant SMS packages make it possible
to slip past owner’s notice
“Good incentive to compromise
smartphones”
Compromised Smartphone
Attacks on Telecom Network
Identity Theft and Spoofing
Smartphones allow remote reading of SIM
card data
International Mobile Subscriber Identity,
SMS history, and stored numbers are the
target
Attacker can use stolen identity
Compromised Smartphone
Attacks on Telecom Network
Remote Wiretapping
Passively record the conversations of their
owners
Report back to spies
Encrypt and tunnel the conversation with
other Internet traffic
Defenses
Smartphone Hardening
Internet Side Protection
Telecommunication Side Protection
Cooperation between the Internet and
Telecom Networks
Smartphone Hardening
Attack Surface Reduction
Turn off features not in use
OS Hardening
Always display callee’s number
Light up LCD display when dialing
Export only security enhanced APIs to
applications
Attacking actions should be easily
detectable by the smartphone user
Smartphone Hardening
Hardware hardening
SIM Toolkit (STK) – API to securely load
applications to the SIM
STK allows operator to provision services
directly to the SIM
Combine STK and TCG’s Trusted Platform
Module (TPM) for hardware hardening
Internet Side Protection
Rigorous software patching
Vulnerability-driven network traffic
shielding
Smartphone ISPs (GPRS or CDMA)
should restrict Internet access unless
devices are fully patched
Telecommunication Side
Protection
Telecom traffic is highly predictable and
well-managed (voice or SMS traffic only)
Abnormal blocking rates of base station
or switch (DoS attack)
Abnormally high call-center load
Abnormal end-user behavior
Telecommunication Side
Protection
Detecting abnormal end-user behavior will
require in-depth analysis
Junk SMS messages can be detected the same
way as spam e-mail
Methods exist to trace and limit smartphones
effectively
Very expensive to put defenses into various
parts of telecom infrastructure
Only a handful of telecom carriers, easy to
coordinate between them
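An added example, not from the slides or the paper: one way the telecom-side monitoring above could flag the unanswered-call pattern described under Base Station DoS, alongside the share of a carrier's slot time that unanswered calls are holding. The record layout, window, threshold and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample call-attempt records (not real carrier data):
# (caller_id, cell_id, start_second, seconds_slot_held, answered)
RECORDS = [
    ("A1", "cell-7", 0, 58, False), ("A1", "cell-7", 60, 59, False),
    ("A1", "cell-7", 121, 57, False), ("A1", "cell-7", 180, 58, False),
    ("A2", "cell-7", 2, 59, False), ("A2", "cell-7", 63, 58, False),
    ("A2", "cell-7", 124, 59, False), ("A2", "cell-7", 185, 57, False),
    ("B1", "cell-7", 10, 95, True), ("B2", "cell-7", 40, 20, False),
    ("B3", "cell-9", 5, 130, True), ("B4", "cell-9", 70, 12, False),
]

WINDOW = 300           # seconds per analysis window (assumed)
MIN_UNANSWERED = 4     # unanswered attempts per window before flagging (assumed)
SLOTS_PER_CARRIER = 8  # GSM time slots per carrier frequency


def analyse(records, window=WINDOW, min_unanswered=MIN_UNANSWERED):
    """Return (flagged callers, per-cell share of slot time held unanswered)."""
    # (cell, window, caller) -> [unanswered count, answered count]
    per_caller = defaultdict(lambda: [0, 0])
    # (cell, window) -> slot-seconds held by calls that were never answered
    held = defaultdict(int)
    for caller, cell, start, secs, answered in records:
        win = start // window
        per_caller[(cell, win, caller)][1 if answered else 0] += 1
        if not answered:
            held[(cell, win)] += secs
    # Flag callers that only ring out, repeatedly, within one window.
    flagged = sorted(
        key for key, (unans, ans) in per_caller.items()
        if unans >= min_unanswered and ans == 0
    )
    capacity = window * SLOTS_PER_CARRIER  # slot-seconds on a single carrier
    share = {key: round(total / capacity, 3) for key, total in held.items()}
    return flagged, share


if __name__ == "__main__":
    flagged, share = analyse(RECORDS)
    for cell, win, caller in flagged:
        print(f"window {win} {cell}: {caller} placed only unanswered calls")
    for (cell, win), frac in sorted(share.items()):
        print(f"window {win} {cell}: {frac:.1%} of slot time held unanswered")
```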
Cooperation between the Internet
and Telecom Networks
Exchange known vulnerability and attack
information to reduce vulnerable
services
Advance knowledge of an attack on the
other network can be passed along
Telecom’s blacklisted smartphones can
be added to ISPs' blacklists
Differentiating smartphones
and other 802.11 clients
Assign unique IDs to all Internet wireless
endpoints, creating a mapping between
SIM IDs and Internet wireless IDs
Design smartphones to submit SIM IDs
to APs for authentication
Modem-Equipped or VoIP-Enabled PCs
These PCs cannot access both networks
simultaneously?
VoIP PCs lack SIM cards, so they cannot
be spoofed
VoIP PCs send traffic through an IP-to-PSTN switch, which can limit rates
Smartphones are more popular?
Interoperation breaks design
assumptions
Telecom networks have dumb terminals
and intelligent networks
The Internet is a dumb network with
smart endpoints
The attacks listed were possible when
combining the smart endpoints with
intelligent networks
Security must be considered before
connecting any hardware to the Internet
Conclusions
Imminent danger of smartphone attacks
against telecom infrastructure (privacy
issues, identity theft, DoS)
Outlined some defense strategies
Urge system architects to pay attention
to insecurity of the Internet when
connecting new peripherals
Questions Left Open
With constant Internet available to
smartphones today, how is this threat
model changed?
Is Symbian Signed and Windows Mobile
signed an effective countermeasure?
My thoughts
Paper was very light on details, perhaps to
protect smartphone users?
What about smartphones attacking other
smartphones or Internet sites?
Smartphone bandwidth now hundreds of times
greater than when the paper was written
Greater threat posed by VoIP, which connects
to the telecom network as well, but has fewer
restrictions on what those computers can do.
Many more smartphones available, but much
fewer viruses reported. Smartphone security
doing its job?
My thoughts continued
Smartphone “Hardening” section was
very weak. Code-signing with
certificates now used
Clients today may run multiple SIM
cards, or they could also swap them
between multiple smartphones
Users would notice when their batteries
died quickly or their bills came in
Smartphone Viruses evolve
2006 – Redbrowser.A Java Midlet sends
SMS messages to a pay number while
pretending to give free Internet over
SMS (abusing J2ME)
Commercial Smartphone
Spyware
Flexispy
Hides from process list, no icon or UI
Records details of voice calls, SMS
messages, GSM location info
Hidden UI via special code
Signed via Symbian Signed so no user
prompts
Flexispy Installation
Questions