SmartPhone Attacks and Defenses - PowerPoint PPT Presentation

1
Smart-Phone Attacks and Defenses
  • Discussion led by Aaron Isaki

2
Authors
  • Chuanxiong Guo Microsoft Research
  • Helen J. Wang Microsoft Research
  • Wenwu Zhu Microsoft Research Asia
  • HotNets III
  • November, 2004
  • San Diego, CA

3
Definitions
  • Smartphone: Mobile device containing both
    cellular components and Internet access, with
    powerful computing components similar to those
    found on desktop PCs.
  • Smartphone Operating Systems (OS) covered in
    this paper: Symbian, Windows Mobile/PocketPC,
    Palm, and embedded Linux.

4
Problem
  • Smartphones are interoperable between cellular
    networks and the Internet and have the potential
    to be dangerous conduits for threats from the
    Internet to the telecom infrastructure.

5
Bridging the Networks

6
Powerful Smartphone OSes
  • Provide access to cellular network with cellular
    standards such as GSM/CDMA and UMTS.
  • Access to the Internet with network interfaces
    such as infrared, Bluetooth, GPRS/CDMA1X, and
    802.11 and use standard TCP/IP protocol stack to
    connect to the Internet.
  • Multi-tasking for running multiple applications
    simultaneously (except for Palm OS).
  • Data synchronization with desktop PCs.
  • Open APIs for application development.

7
Increased Threat
  • Inevitable software vulnerabilities in complex
    OSes
  • Always-on vulnerability to Internet worms
  • Smartphone user population likely to exceed PC
    user population

8
History of Smartphone Attacks
  • Cabir, June 14, 2004 (Symbian OS worm)
  • Duts, July 17, 2004 (PocketPC virus)
  • Mosquito dialer, August 6, 2004 (trojan horse)

9
Cabir/Caribe Worm
  • Spread over Bluetooth
  • Targeted Symbian Series 60
  • Proof of concept
  • Messagebox payload, replication bug drastically
    limited spreading

10
Cabir/Caribe

11
Duts
  • Proof of concept code
  • Hand-written assembly for ARM processors
  • "This is proof of concept code. Also, i wanted to
    make avers happy. The situation when Pocket PC
    antiviruses detect only EICAR file had to end
    ..."

12
Main Contribution
  • Presents a high-level outline of several attacks
    using smartphones on the telecom network
  • Telecom network was relatively safe
  • Widespread convergence of Internet and telecom
    networks on a single device increases threat to
    telecom networks

13
Main Ideas
  • Smartphones are the common link for the Internet
    and telecom networks.
  • Smartphones are portable computers and can be
    subverted to launch attacks on previously secure
    telecom networks.
  • Existing attacks that were successful on the
    Internet would cause much more damage and cost
    end users more.

14
Compromising Smartphones
  • Attacks from the Internet: viruses, trojans,
    or worms spread the same way as on PCs
  • Infection from compromised PC during data
    synchronization
  • Peer smart-phone attack or infection (via
    Bluetooth or WiFi)
  • Malformed SMS text message?

15
Compromised Smartphone Attacks on Telecom Network
  • Base Station DoS
  • Using eight smartphones for each GSM carrier
    frequency can tie up a GSM base station
  • Call other phones, but do not answer the incoming
    call (to avoid being charged)
  • Ties up a time slot on each end for a minute,
    exhausting radio resources

16
Compromised Smartphone Attacks on Telecom Network
  • Call Center DDoS
  • Using victims' phones to remotely and
    automatically place calls
  • Significant numbers of zombie smartphones would
    be needed to reach a cellular switch's limited
    Busy Hour Call Attempts (BHCA) value

17
Compromised Smartphone Attacks on Telecom Network
  • Spam SMS
  • Junk or marketing messages sent through SMS
  • Abundant SMS packages make it possible to slip
    past owners' notice
  • Good incentive to compromise smartphones

18
Compromised Smartphone Attacks on Telecom Network
  • Identity Theft and Spoofing
  • Smartphones allow remote reading of SIM card data
  • International Mobile Subscriber Identity, SMS
    history, and stored numbers are the target
  • Attacker can use stolen identity

19
Compromised Smartphone Attacks on Telecom Network
  • Remote Wiretapping
  • Passively record the conversations of their
    owners
  • Report back to spies
  • Encrypt and tunnel the conversation with other
    Internet traffic

20
Defenses
  • Smartphone Hardening
  • Internet Side Protection
  • Telecommunication Side Protection
  • Cooperation between the Internet and Telecom
    Networks

21
Smartphone Hardening
  • Attack Surface Reduction
  • Turn off features not in use
  • OS Hardening
  • Always display callee's number
  • Light up LCD display when dialing
  • Export only security enhanced APIs to
    applications
  • Attacking actions should be easily detectable by
    the smartphone user

22
Smartphone Hardening
  • Hardware hardening
  • SIM Toolkit (STK) API to securely load
    applications to the SIM
  • STK allows operator to provision services
    directly to the SIM
  • Combine STK and TCG's Trusted Platform Module
    (TPM) for hardware hardening

23
Internet Side Protection
  • Rigorous software patching
  • Vulnerability-driven network traffic shielding
  • Smartphone ISPs (GPRS or CDMA) should restrict
    Internet access unless devices are fully patched

24
Telecommunication Side Protection
  • Telecom traffic is highly predictable and
    well-managed (voice or SMS traffic only)
  • Abnormal blocking rates of base station or switch
    (DoS attack)
  • Abnormally high call-center load
  • Abnormal end-user behavior

25
Telecommunication Side Protection
  • Detecting abnormal end-user behavior will require
    in-depth analysis
  • Junk SMS messages can be detected the same way as
    spam e-mail
  • Methods exist to trace and limit smartphones
    effectively
  • Very expensive to put defenses into various parts
    of telecom infrastructure
  • Only a handful of telecom carriers, easy to
    coordinate between them
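
An added example (not from the paper or these slides) of the telecom-side checks on slides 24 and 25: per-cell blocking rate and per-subscriber answer ratio computed over call-attempt records. The record layout, the sample data, and the thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed call-attempt records: (minute, caller, cell, outcome)."""
    recs = []
    for i in range(20):  # cell C2: ordinary traffic, every attempt gets a channel
        outcome = "unanswered" if i % 4 == 0 else "answered"
        recs.append((i, f"user{i % 10}", "C2", outcome))
    for minute in range(10):  # cell C1: eight handsets ring out every minute
        for h in range(8):
            recs.append((minute, f"hs{h}", "C1", "unanswered"))
        # an ordinary subscriber in C1 finds no free time slot
        recs.append((minute, f"user{minute}", "C1", "blocked"))
    return recs

def cell_blocking_rates(records):
    """Blocked attempts divided by all attempts, per cell."""
    total, blocked = Counter(), Counter()
    for _, _, cell, outcome in records:
        total[cell] += 1
        blocked[cell] += outcome == "blocked"
    return {cell: blocked[cell] / total[cell] for cell in total}

def abnormal_cells(records, max_rate=0.05):
    """Cells whose blocking rate exceeds max_rate (an assumed target value)."""
    rates = cell_blocking_rates(records)
    return sorted(c for c, r in rates.items() if r > max_rate)

def suspicious_callers(records, min_attempts=5, max_answered=0.1):
    """Callers with many attempts that got a channel but were almost never answered."""
    stats = defaultdict(Counter)
    for _, caller, _, outcome in records:
        if outcome != "blocked":  # blocked callers are victims, not suspects
            stats[caller][outcome] += 1
    flagged = []
    for caller, c in stats.items():
        attempts = c["answered"] + c["unanswered"]
        if attempts >= min_attempts and c["answered"] / attempts <= max_answered:
            flagged.append(caller)
    return sorted(flagged)

if __name__ == "__main__":
    recs = build_sample()
    print(cell_blocking_rates(recs))
    print(abnormal_cells(recs), suspicious_callers(recs))
```

The two signals are meant to be read together: a cell with an abnormal blocking rate says where to look, and the answer ratio separates the handsets holding the channels from the subscribers being blocked.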

26
Cooperation between the Internet and Telecom
Networks
  • Exchange known vulnerability and attack
    information to reduce vulnerable services
  • Advance knowledge of an attack on the other
    network can be passed along
  • Telecoms' blacklisted smartphones can be added to
    ISPs' blacklists

27
Differentiating smartphones and other 802.11
clients
  • Assign unique IDs to all Internet wireless
    endpoints, creating a mapping between SIM IDs and
    Internet wireless IDs
  • Design smartphones to submit SIM IDs to APs for
    authentication

28
Modem-Equipped or VoIP-Enabled PCs
  • These PCs cannot access both networks
    simultaneously?
  • VoIP PCs lack SIM cards, so they cannot be
    spoofed
  • VoIP PCs send traffic through an IP-to-PSTN
    switch, which can limit rates
  • Smartphones are more popular?

29
Interoperation breaks design assumptions
  • Telecom networks have dumb terminals and
    intelligent networks
  • The Internet is a dumb network with smart
    endpoints
  • The attacks listed were possible when combining
    the smart endpoints with intelligent networks
  • Security must be considered before connecting any
    hardware to the Internet

30
Conclusions
  • Imminent danger of smartphone attacks against
    telecom infrastructure (privacy issues, identity
    theft, DoS)
  • Outlined some defense strategies
  • Urge system architects to pay attention to
    insecurity of the Internet when connecting new
    peripherals

31
Questions Left Open
  • With constant Internet available to smartphones
    today, how is this threat model changed?
  • Are Symbian Signed and Windows Mobile signing
    effective countermeasures?

32
My thoughts
  • Paper was very light on details, perhaps to
    protect smartphone users?
  • What about smartphones attacking other
    smartphones or Internet sites?
  • Smartphone bandwidth now hundreds of times
    greater than when the paper was written
  • Greater threat posed by VoIP, which connects to
    the telecom network as well, but has fewer
    restrictions on what those computers can do.
  • Many more smartphones available, but far fewer
    viruses reported. Smartphone security doing its
    job?

33
My thoughts continued
  • Smartphone Hardening section was very weak.
    Code-signing with certificates now used
  • Clients today may run multiple SIM cards, or they
    could also swap them between multiple smartphones
  • Users would notice when their batteries died
    quickly or their bills came in

34
Smartphone Viruses evolve
  • 2006: Redbrowser.A, a Java Midlet, sends SMS
    messages to a pay number while pretending to give
    free Internet over SMS (abusing J2ME)


35
Commercial Smartphone Spyware
  • Flexispy
  • Hides from process list, no icon or UI
  • Records details of voice calls, SMS messages, GSM
    location info
  • Hidden UI via special code
  • Signed via Symbian Signed so no user prompts

36
Flexispy Installation

37
Questions