An Analysis of 3G Phone Security Emily Maples & Evan Nakano CMPE 209
Agenda 3G Definition Purpose of 3G Security Types of 3G Security Attacks 3G Security Vulnerability Points Types of Protection Business Implication Conclusions
3G Definition “Third generation of telecommunication hardware standards and general technology for mobile networking, superseding 2.5H” Based on the International Telecommunication Union (ITU) family of standards Offers data, voice, and video services over a wide-area wireless network
Purpose of 3G Security Initially, mobile operators only provided cellular voice service Had limited security concerns With 3G mobile networks, mobile operators are offering data services Requires opening up once restricted networks to a wider range of networks 3G mobile operators must now address an entirely new set of hazards Including viruses, Trojans, and denial of service attacks
Types of 3G Security Attacks Viruses Denial of service Overbilling Spoofed PDP context Signaling-level attacks which involve modification
3G Security Vulnerability Points The mobile equipment (ME) itself (i.e. personal computers, smart phones, etc) The wireless link between the ME and the cellular base station (BS) Interfaces to other mobile or data networks
Types of Protection Device and network anti-virus scanning Firewalls and VPNs Intrusion detection and prevention (IDP) Signaling firewalls
Business Implication Interrupted service Lost billable minutes Increased customer dissatisfaction Increase number of support calls Legal ramifications
Conclusions Security is a significant factor to a mobile network operator as well as the subscribers There will always be attackers that find new ways of compromising data being sent across the network As long as networks vulnerability points are well understood, software mechanisms can be employed to protect the network against possible threats