3G: Controlling the threats
Naresh Wadhwa, President and Country Manager, Cisco India and SAARC
The era of third-generation (3G) mobile services has arrived in India and is set to revolutionize the entire mobile application market. 3G is expected to provide subscribers access to an ever-expanding array of high-bandwidth applications and data services: unlimited, high-quality mobile content (audio, video) which can be streamed in less than a few seconds, leading to a rich user experience. For the mobile operators, 3G is an opportunity to provide excellent content and services to subscribers, although the need for service differentiation is urgent.
Ironically though, since the launch of 3G services by private operators in India, there has been a spate of controversies around security issues pertaining to 3G, real-time interception of video calls being the biggest one, failing which operators might need to withdraw their service, which could affect their profitability in a big way. Security concerns around 3G are higher because the 'always-on' connection made possible by these networks can expose subscribers and operators to a growing number of malicious threats.
The largest threat to mobile security is from cybercriminals who are looking for data to steal and make money. On the consumer side, this could be by stealing personal data like credit card information, bank accounts, etc., while on the business side it could be confidential data, source code, and strategy data that can be used for corporate espionage. These threats are not new and have existed for some time on the internet. However, the potential ubiquity of mobile services combined with the ease of access makes high-speed mobile networks a fertile hunting ground. Today smartphones are becoming more affordable and corporates are adopting the "any device" policy for corporate network access, which leads to heightened security requirements.
Why 3G networks are vulnerable
3G networks are vulnerable because mobile operators, acting as internet service providers (ISPs), are opening up their formerly closed networks to numerous other operators, data networks and the public Internet, offering a wider array of services and content to their subscribers. With 3G enablement, multiple device types (smart phones, PDAs, notebook computers and data-capable feature phones) provide anytime, anywhere access to data, so far more elements are susceptible to an attack.
Attackers use a variety of tools to penetrate mobile operator networks, e.g., botnet-based denial of service attacks, mobile malware, or attacks which exploit unprotected weaknesses in signaling protocols (SIP) or other protocols which are integral to many operators' networks. Mobile malware can spread through multimedia messages (MMS) over any distance. Since MMS can be sent to email addresses, it serves as a cross-platform carrier that can spread malware from a PC to a mobile device or vice versa and impact a mobile operator's operations.
Attacks can originate either outside the mobile network, i.e. in the public Internet, private networks or other operators' networks, or within the mobile network, i.e. from devices such as data-capable handsets and smart phones, notebook computers or even desktop computers connected to the 3G network. An example of a virus that originated inside the mobile network was the Cabir mobile virus, which was unleashed onto the mobile network in Helsinki in 2005. The virus spread via a file transfer and infected thousands of phones all over the world before eventually being quarantined. An example of a virus that originated outside the mobile network was the Slammer/Sapphire worm which, in 2003, destroyed 20 percent of the global Internet traffic, shut down 13,000 cash machines, delayed airline flights, and rendered emergency services in Washington useless for a short period of time.
With the arrival of 3G, operators are moving to evolve their networks to conform to the IP Multimedia Subsystem (IMS) architecture, which uses open standard IP protocols to create communications links between a variety of users. These connections can, and will, traverse multiple networks (the PSTN, the Internet, the mobile operator, a cable operator and/or a WiFi provider), each of which has unique vulnerabilities to different attacks.
With 3G, hackers can peep into mobile phones the same way they do with computers, listen to phone calls, check messages and control data on the phone. Data can be vulnerable to theft and misuse if a mobile phone is misplaced or lost. Attacking data networks can defraud the mobile operator of airtime, render the network unusable for a period of time and help hackers acquire subscriber information to steal their identities or billing/credit card information.
Hijacking the IP of the subscriber and using it for the attacker's own purpose causes legitimate users to be billed for activities which they did not undertake. In 2004, one of the USA's leading mobile subscriber databases was compromised when an attacker hacked into the network and viewed the sensitive data of millions of users (social security numbers, dates of birth, voicemail PINs, and passwords to email accounts). This not only impacted the service provider's revenue and credibility, but also millions of subscribers whose sensitive personal information was stolen or misused. Another type of attack is called 'overbilling,' which involves a malicious user hijacking a subscriber's IP address and then using it to initiate fee-based downloads or using the connection for their own purpose. In either case, the legitimate user is billed for activity which they did not authorize or actually conduct.
Attacks targeted at subscribers can include "marketing harassment" where an attacker uses text messaging or other cellular phone services to pester subscribers, creating extra charges for the subscriber. In 2006, more than 98,000 unsolicited short text messages were sent to wireless customers in the USA informing them that they had won a cruise and asking them to call and claim their prize. The attacker organization harassed subscribers with their messages, tainting the mobile service provider's image in the bargain. Legal action had to be taken to stop further harassment.
Virus propagation across 3G networks is a major cause for concern. New mobile viruses along with traditional ones threaten to degrade the overall user experience, even as operators may be impacted by support and network-management concerns resulting from denial-of-service (DoS) attacks. A DoS attack on an operator's network can deny internet service to the operator's customers, overwhelm the available bandwidth with meaningless data traffic and impair subscribers' ability to use their cell phones. This interruption will affect both the mobile operator (lost revenue) and the subscribers (no service).
Securing the 3G Network
According to a study conducted by the iGR technical consulting firm, "the estimated total impact of a three hour network outage on a prepaid operator's network is US $20.5 million." This means that there is a need for strong, multilayered security technologies both in today's 3G world and tomorrow's IMS environment, because vulnerabilities exist in many different networks and not just in the mobile operators'. Building that security means taking an architectural approach to implementing security solutions in the network. Corporates need to think about data security in terms of encryption and access control (VPNs, identity-based network access, strong passwords, etc.). Service providers need to protect end users by using techniques like spam filters, web security and content filtering.
Mobile operators must implement a layered defense for their network that concentrates, whenever possible, wireless data services into a smaller number of data centers to protect end users. They must deploy a variety of products in their networks, such as firewalls, intrusion detection and prevention (IDP) and virtual private networks (VPNs), and make client-side anti-virus and firewall software readily available to their subscribers who use smart phones, notebooks and other devices. It is also important that the deployed firewall is robust enough to handle the traffic flow. Intrusion detection and prevention (IDP) systems complement the role of firewalls in a mobile operator's network because they can detect attacks within the traffic that flows into the network.
Operators must be vigilant and adopt appropriate security policies that reflect the threats in the 3G world. Given the widespread use of WiFi and the evolution towards IMS-based networks, they need to work with each other and the ISP community to vigorously protect traffic that flows across the network. To improve control over network and user activity, operators must enable networks to differentiate between services such as web browsing, music downloads, video streaming, VoIP, or P2P traffic and control the quality of individual services.
As new 3G services proliferate, potentially beyond the mobile service provider's control, operators must equip their networks with service control capabilities to analyze traffic usage, control bandwidth allocation between the various services, and secure the network from malicious traffic. Adding a service control element to mobile data networks can provide mobile operators with a rich set of tools to manage network traffic and address performance, as well as service security concerns.
These solutions provide operators ways to create new paradigms for better service delivery and establish more granular control for the deployment of services. Such solutions help identify subscribers, classify applications, guarantee service performance and provide information about IP services. Specifically built to be deployed at the network edge, they offer operators unparalleled control over network traffic and subscriber usage. This helps increase average revenue per user (ARPU), strengthen customer loyalty and guarantee the delivery of innovative data services.