An Analysis of 3G Phone Security Emily Maples & Evan Nakano CMPE 209

Agenda  3G Definition  Purpose of 3G Security  Types of 3G Security Attacks  3G Security Vulnerability Points  Types of Protection  Business Implication  Conclusions

3G Definition  “Third generation of telecommunication hardware standards and general technology for mobile networking, superseding 2.5H”  Based on the International Telecommunication Union (ITU) family of standards  Offers data, voice, and video services over a wide-area wireless network

Purpose of 3G Security  Initially, mobile operators only provided cellular voice service  Had limited security concerns  With 3G mobile networks, mobile operators are offering data services  Requires opening up once restricted networks to a wider range of networks  3G mobile operators must now address an entirely new set of hazards  Including viruses, Trojans, and denial of service attacks

Types of 3G Security Attacks  Viruses  Denial of service  Overbilling  Spoofed PDP context  Signaling-level attacks which involve modification

3G Security Vulnerability Points  The mobile equipment (ME) itself (i.e. personal computers, smart phones, etc)  The wireless link between the ME and the cellular base station (BS)  Interfaces to other mobile or data networks

Types of Protection  Device and network anti-virus scanning  Firewalls and VPNs  Intrusion detection and prevention (IDP)  Signaling firewalls

Business Implication  Interrupted service  Lost billable minutes  Increased customer dissatisfaction  Increase number of support calls  Legal ramifications

Conclusions  Security is a significant factor to a mobile network operator as well as the subscribers  There will always be attackers that find new ways of compromising data being sent across the network  As long as networks vulnerability points are well understood, software mechanisms can be employed to protect the network against possible threats