Security threats increasingly threaten operators, subscribers

Alan Pascoe, Tekelec
06 Apr 2009

The enthusiastic response to mobile messaging has attracted the unwanted notice of fraudsters and opportunists. Advances in messaging and mobile devices have created a fertile new frontier for perpetrators of malware, viruses and scams. Subscribers increasingly depend on mobile devices as a primary communication tool, exchanging sensitive personal and business data that represent a potential gold mine for fraudsters.

Also, smartphones have morphed into small PCs and are now vulnerable to many of the same threats seen on the internet. Security loopholes in handheld devices that support operating systems such as Symbian, Microsoft, BlackBerry, Android and Apple create windows for abuse.

Trends indicate that the mobile messaging threat level is on the rise globally. Asia has been hit particularly hard by mobile abuse, largely due to the low cost of sending and receiving text messages. In March of 2008, a tidal wave of SMS spam hit nearly half of China's mobile users. Seven online advertising firms were able to launch unwanted junk messages to over 200 million subscribers.

In India, some operators have experienced spam levels of nearly 30%. Earlier this year, the Telecom Regulatory Authority of India mandated that all telecom operators now must append an ID tag to any bulk application-to-person texts to enable authorities to trace the source of unsolicited text when subscribers file complaints.

As mere unsolicited advertising or promotions, mobile spam is a simple nuisance. However, spam has evolved into a dangerous tool as fraudsters have become increasingly sophisticated in its use. New forms of spam rely on social engineering techniques to dupe mobile subscribers into divulging sensitive personal data, calling premium-rate numbers and texting premium-rate short codes.

Mobile-originated (MO) spoofing typically involves the illegal use of an operator's SMS center network by a third party. The spoofer manipulates the operator's mobile subscriber integrated services digital network number to, among other things, avoid paying for SMS service. Typically, the spoofer poses as a subscriber roaming in a foreign network and sending MO messages.
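A defender's view of the MO spoofing pattern above, as an added example that is not from the article: an operator can compare the network a message claims to come from with the network where the sender is actually registered. The registry, the record fields, the phone numbers and the network names are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed data: network where the home operator last registered each
# subscriber number. Numbers and network names are made up for illustration.
REGISTERED_AT = {
    "+99900000001": "home-net",
    "+99900000002": "partner-net-a",   # genuinely roaming
}

@dataclass(frozen=True)
class MoMessage:
    sender: str           # subscriber number claimed by the message
    origin_network: str   # network the signaling actually arrived from

def classify(msg, registered_at=REGISTERED_AT):
    """Return 'ok', 'suspect-spoof' or 'unknown-subscriber' for one message."""
    expected = registered_at.get(msg.sender)
    if expected is None:
        return "unknown-subscriber"
    # A real roamer is registered in the network it sends from. A claimed
    # roamer whose registration points elsewhere matches the spoofing pattern.
    return "ok" if expected == msg.origin_network else "suspect-spoof"

def screen(messages, registered_at=REGISTERED_AT):
    """Split a batch into accepted messages and per-origin counts of rejects."""
    accepted, rejected_by_origin = [], Counter()
    for msg in messages:
        if classify(msg, registered_at) == "ok":
            accepted.append(msg)
        else:
            rejected_by_origin[msg.origin_network] += 1
    return accepted, rejected_by_origin

# Constructed sample traffic.
SAMPLE = [
    MoMessage("+99900000001", "home-net"),        # at home: ok
    MoMessage("+99900000002", "partner-net-a"),   # real roamer: ok
    MoMessage("+99900000001", "foreign-net-x"),   # claims roaming, registered at home
    MoMessage("+99900000001", "foreign-net-x"),
    MoMessage("+99900000003", "foreign-net-x"),   # number is not a subscriber
]

if __name__ == "__main__":
    ok, rejects = screen(SAMPLE)
    print(len(ok), dict(rejects))
```

The per-origin reject count shows which interconnect the suspect traffic arrives over, which is where filtering or a complaint to the partner network would be directed.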

With SMS faking, a hacker simulates a short message entity or other element in an external signaling system 7 (SS7) network to avoid termination charges. Spam entering the network from international SS7 links is difficult to eliminate because multiple parties are involved and are sometimes anonymous.

Then there is flooding or denial of service, which occurs when the signaling system is overloaded with a massive number of messages sent from a remote system. Mobile phones use the same control channel to set up calls and receive SMS messages. Swamping a cell area or multiple cells with messages congests the control channels used to establish connections with the mobile devices in that cell, effectively disabling service.

Further, viruses that proliferate through BlackBerry phones, Windows Mobile-based phones and other smartphones pose a particular security threat to operators and subscribers. Smartphones lack adequate anti-spam, anti-virus, web filtering and other security software, making them susceptible to the same viruses and malware that have plagued the PC industry for years. The devices provide an ideal path for cyber-criminals to access sensitive personal and corporate data.

There are more than 370 known mobile viruses. The Cabir virus, which debuted in 2005, has infected phones in more than 30 countries.
