Vulnerabilities in SMS and MMS on Cellular based networks

1
Vulnerabilities in SMS and MMS on Cellular based
networks

• Daniel Ekerman
• TDC 477

2
SMS/MMS Quick Facts

• Growing in popularity
• Profitable for Telcos and Third-party vendors
• Integrates Cellular Networks with the internet
• Can be sent from mobile device or internet
  Gateway i.e. messaging portal, website

3
How SMS is transmitted

• Control channels are used to set up voice calls
• Same control channels are used to carry SMS
  messages to intended device
• Vulnerable to call blocking (not being able to
  receive calls) if all control channels are
  flooded with SMS messages
• Creates a DoS (Denial of Service Attack) on
  network

4
Required bandwidth to saturate network

• Attack can be launched using as little as a
  high-speed DSL Connection
• Attacker can deploy zombie networks to attack
  larger cities

5
MMS Attack

• Creates hit-list by sending MMS Messages that
  link to malicious server
• Obtain victims IP address and sends UDP packets
  which wake ups the transceiver
• Active transceiver causes high battery
  consumption
• When done through the day batteries dies quickly

6
Solutions

• SMS
• Separation of Voice and Data
• Assign priority (high priority for cellular
  network originated and low priority for internet
  originated)
• Restrict number of channels available to send
  text messages
• Use CAPTCHAs and limit message recipients on
  messaging portal
• Close off connection from web (never will happen)
• MMS
• Private key encryption be used to authenticate
  messages
• Wap Gateways which block profile information
• Scan and filter MMS headers on the carriers
  server