Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:

Published byEunice Leonard Modified over 9 years ago

Similar presentations

Presentation on theme: "Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:"— Presentation transcript:

1 Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication: 12th ACM conference on Computer and communications security, November 2005 Presenter: Brad Mundt for CAP6133 Spring ‘08

2 Motivation SMS  Ingrained into modern culture  69 million messages per day in UK  10 cents per message  Popular with telecom Voice traffic is fixed revenue, unlike SMS Opened up the system- web, email, IM…

3 Motivation… Internet-originated text messages Deny voice service to a city  Zombies  Hit lists Similar to traffic from Slammer worm  BoA ATMs, 911 services

4 Presentation Flow Cellular Network Overview Vulnerability Analysis  Research  Discovery Attack vectors and implements Scenario Other stuff

5 SMS/Cellular Network Sending  Mobile device or ESME External Short Messaging Entities (ESME) Delivering  Short Messaging Service Center (SMSC) SMS formatting Queued for forwarding Query Home Location Register (HLR) for directions

6 SMS/Cellular Network Delivering (Continued)  HLR Subscriber Info, call waiting, text messaging If user is busy, store SMS for later Otherwise give address for MSC  Mobile Switching Center

7 SMS/Cellular Network Delivering (Continued)  MSC Service, Authentication Location management for BS, no not that BS!  Base Stations Hand offs / gateway to PSTN  Public Switched Telephone Network Query Visitor Location Register (VLR)  Returns Info when device is away from HLR  Forwards to correct BS for delivery

8 SMS/Cellular Network

9 Vulnerability Analysis Bottlenecks  System is a composite of multiple Queuing Points  Injection rate versus delivery rate Targeting Queues  SMSC Finite number in queue, SMS age, policy Messages remain in SMSC buffer when device is full  Device 500 messages drained a battery

10 Plan Messages exceeding saturation levels are lost  Successful DoS needs Multiple subscribers Multiple interfaces Hit-lists and Zombies

11 Hit-list Creation Internet search for NPA/NXX DB  Target wireless numbers by domain owner name Web Scraping Worm  Device recently call lists  Computers that sync with device

12 Attack profile attributes GSM gray-box testing  900 SMS per hour on each dedicated channel  1 dedicated channel per 4 voice  2 dedicated channels per carrier Protocol sharing Number of dedicated channels per area Number of carriers per area

13 Cellular device channels Two Channels  Control Channel (CCH) Common CCH  BS uses for voice and SMS connections establishment  All connected mobiles are listening on this for signaling Dedicated CCH  Data  Traffic Channel (TCH) Voice

14 Attack Scenario 2500 numbers in hit list Average 50 message device buffer 8 dedicated channels, (D.C.) 1 message per phone every 10.4 sec 8.68 min to fill buffers

15 Targeted Attacks Fill the buffers, users loose messages Data loss on some devices from overflowing  Read messages overwritten when new ones arrive (Nokia 3560) Message delays due to overflowing  Campus alert messages- blocking? Deleting junk SMS, accidentally delete good ones Battery depletion

16 Tomorrows email SPAM Phishing Viruses  Cabir and Skulls Both were bluetooth

17 SMS Spam

18 Summary Cellular networks are critical part of  Social and economic infrastructures Potential misuse from external services  DoS  InfoWar  Economic

19 Contributions Security impact of SMS on Cellular network Demonstrate ability to deny serivce to city sized area Techniques for targeting these systems How to avoid

20 Weaknesses Gray-box testing  Documentation  Experimentation without EULA violations Time of Day / Day of Week Payload size variations Estimations

21 How to Improve Traffic analysis for  Time of Day / Day of Week Vary payload size If White hats, work with the telecoms Validate for more facts

22 The End Thank you…

Download ppt "Exploiting Open Functionality in SMS-Capable Cellular Networks Authors: William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Publication:"

Similar presentations

Communication Topics Jason Hill –

Communication Topics Jason Hill –
GSM infrastructure MSC, BSC, BTS, VLR, HLR, GSGN, GSSN

GSM infrastructure MSC, BSC, BTS, VLR, HLR, GSGN, GSSN
Networks & Components Discuss the components required for successful communications Explain the purpose of communications software Identify various sending.

Networks & Components Discuss the components required for successful communications Explain the purpose of communications software Identify various sending.
Exploiting Open Functionality in SMS-Capable Cellular Networks 20123550 Chang-Jae Lee Some of the slides and figures were borrowed from the author’s slides.

Exploiting Open Functionality in SMS-Capable Cellular Networks Chang-Jae Lee Some of the slides and figures were borrowed from the author’s slides.
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.

On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core Patrick Michael Lin, Machigar Ongtang, Vikhyath.
On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.

On Attack Causality in Internet- Connected Cellular Networks Presented by EunYoung Jeong.
Wireless, Mobile Networks 6-1 18 – Mobility. Wireless, Mobile Networks6-2 Mobility: Vocabulary home network: permanent “home” of mobile (e.g., 128.119.40/24)

Wireless, Mobile Networks – Mobility. Wireless, Mobile Networks6-2 Mobility: Vocabulary home network: permanent “home” of mobile (e.g., /24)
The Wireless Communication System Xihan Lu. Wireless Communication Cellular phone system Cordless telephone system Bluetooth Infrared communication Microwave.

The Wireless Communication System Xihan Lu. Wireless Communication Cellular phone system Cordless telephone system Bluetooth Infrared communication Microwave.
1G PERSONAL COMMUNICATION SYSTEMS: AMPS (PART III) Ian F. Akyildiz Broadband & Wireless Networking Laboratory School of Electrical and Computer Engineering.

1G PERSONAL COMMUNICATION SYSTEMS: AMPS (PART III) Ian F. Akyildiz Broadband & Wireless Networking Laboratory School of Electrical and Computer Engineering.
SMS WATCHDOG: PROFILING SOCIAL BEHAVIORS OF SMS USERS FOR ANOMALY DETECTION Authors: Guanhua Yan, Stephan Eidenbenz, Emannuele Galli Presented by: Ishtiaq.

SMS WATCHDOG: PROFILING SOCIAL BEHAVIORS OF SMS USERS FOR ANOMALY DETECTION Authors: Guanhua Yan, Stephan Eidenbenz, Emannuele Galli Presented by: Ishtiaq.
First and Second Generation

First and Second Generation
GSM Security Overview (Part 1)

GSM Security Overview (Part 1)
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.

NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.

Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.
3/26/081 Exploiting Open Functionality in SMS- Capable Networks William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Systems and Internet.

3/26/081 Exploiting Open Functionality in SMS- Capable Networks William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Systems and Internet.
SHORT MESSAGE SERVICE(SMS)

SHORT MESSAGE SERVICE(SMS)
MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.

MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.
 The GSM network is divided into two systems. each of these systems are comprised of a number of functional units which are individual components of the.

 The GSM network is divided into two systems. each of these systems are comprised of a number of functional units which are individual components of the.
Niranjan Balasubramanian Aruna Balasubramanian Arun Venkataramani University of Massachusetts Amherst Energy Consumption in Mobile Phones: A Measurement.

Niranjan Balasubramanian Aruna Balasubramanian Arun Venkataramani University of Massachusetts Amherst Energy Consumption in Mobile Phones: A Measurement.

Similar presentations

Ads by Google