SPAM IN CELLULAR NETWORK BY : HUSAIN HUSNA ** INTRODUCTION ** • Cellular networks are a critical component of the economic and social infrastructures in which we live. • Types of services : Voice and Data • Telecommunication companies offer connections between their networks and the internet. • Here the network becomes vulnerable. • Mobile spam is a growing problem for users • The efficient and accurate control of spam’s on mobile handsets is an important problem. …BUT WHAT IS MOBILE SPAM ? • Can be defined as messages of an unsolicited nature delivered to mobile hand-sets, which: –try to sell something to the user. –ask the user to call a phone number , which may be a premium-rate service. –destroy or change handset settings. –are simply messages of a commercial nature that intrude upon a user’s right to privacy and/or carry harmful content. • Mobile spam is potentially more threatening than fixed-line spam. ** FORMS OF MOBILE SPAM ** •Mobile spam can take many forms. •Pure forms occur as SMS, MMS or video messages. •Threat will (has) increase(d) with mobile e-mail and mobile internet ** USER RECEPTIVENESS TO MOBILE SPAM CONSUMERS ** • Spam consumers are not pleased with the fact that they are targets for spam. ** TYPES OF SPAM POSSIBLE ** • SMS spam's • Voice spam (telemarketing calls) • Phishing attack/identity theft (future attacks) GROWTH IN SPAM IN CELLULAR NETWORK ** RECENT ATTACKS ** • October 25, 2006 Verizon sues SMS spammers • Over the past few months, Verizon Wireless has filed several additional lawsuits against people and companies who sent unwanted text messages to their wireless subscribers, according to Cellular News. • "These lawsuits are just a small part of our company's efforts to stop unwanted messages from reaching our customers' handsets," • Stealth Attack Drains Cell Phone Batteries • Following McAfee's SMSishing warning/scare earlier this week of hackers sending out SMS messages to mobile users coaxing them into downloading unsuspecting software containing Trojan horse viruses - today, Science Daily reports on "stealth attacks" that drain cell phone batteries. [via digg] • "Cell phones that can send or receive multimedia files could be targeted by an attack that stealthily drains their batteries, leaving cellular communications networks useless, according to computer security researchers at UC Davis, in a lab test. ** SMS SPAMS ** • Everyone with an e-mail box knows about spam: junk messages hawking porn, Viagra deals or Nigerian get-richquick schemes. But now spam is going mobile, chasing after cell phone users who use text messaging services. • All the spam attacks against e-mail accounts, fax machines and voicemail will now be resurfacing in SMS on our cell phones. • Spam is an issue about consent, not content. • Determined spammers can still easily get their messages onto wireless phones, a process that can be even easier than sending junk mail to conventional e-mail accounts. • Some buy mobile phone number databases over the Internet. Others can simply try a brute force approach by massmessaging random numbers, targeting certain prefixes that tend to be used for mobile phones. • Spam text messages are more common in Europe and Asia, where many subscribers don't have to pay for incoming messages. • To skirt the messaging fee, the spammers send the text message through the Internet. • Text spam also differs in content from e-mail spam. Text spammers, limited to 200 characters per message, have to make their point quickly to maximize return. • The connections between the Internet and phone networks introduce open functionality that detrimentally affects the fidelity of a cellular provider's service. Through the generation and use of large, highly accurate phone hit-lists, we demonstrate the ability to deny voice service to large metropolitan areas with little more than a cable modem. • Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks. • A • Zombie computer, abbreviated zombie, is a computer attached to the Internet that has been compromised by a security cracker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a “botnet", and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Zombie Network ** IDENTIFYING VUNNERABILITIES ** • Cellular networks can be broken into two chief components the radio, or "air interface" and the wired backbone. • We are chiefly interested in how traffic injected from the Internet can be used to congest the air interface • We divide the air interface into two general components Control Channels and Traffic Channels. • Control channels of radio frequency allows cellular towers to send information pertaining to call setup, SMS delivery and network conditions (such as the availability of traffic channels) to mobile phones. • Notice that control channels have far much less bandwidth than traffic channels • Because text messages and mobile-phone call setups rely on the same limited resource, namely control channels, it is possible to attack this system. If enough text messages are sent so that no more control channels are available, calls will begin blocking (i.e. will not be connected). Figure 2: On the left, a request to set up a voice call is sent to the control channels. Because a number of unused control channels are available, the call will be connected. On the right, the control channels have been filled by SMS messages. If the attacker sends enough SMS messages to this particular tower, they can ensure that voice calls will always be blocked with a very high probability. • If an attacker were to flood the control channels with enough SMS messages to reach capacity, they could create the same Denial of Service (DoS) to a given area. ** MITIGATE ** • Many of the mechanisms currently in place are not adequate to protect these networks • The proven practicality of address spoofing or distributed attacks via zombie networks makes the use of authentication based upon source IP addresses an ineffective solution. • Separation of Voice and Data: It would be difficult for the numerous connections between the Internet and cellular networks to be closed by service providers. In light of this, the most effective means of eliminating the above attacks is by separating all voice and data communications. • The separation of voice and data is not enough to completely ensure unaffected wireless communications. In situations similar to September 11th where traffic channels are naturally saturated, Internet-originated SMS messages can still be used to fill data channels such that legitimate text messaging and therefore all communication becomes impossible. • Resource Provisioning: The effects of Internet-originated SMS attacks could be reduced by increasing capacity to critical areas in a similar fashion. Unfortunately, the cost of additional equipment makes this solution too expensive for widespread distribution. Even if a provider rationalized the expense, the elevated provisioning merely makes DoS attacks more difficult but not impossible. Additionally, the increased number of handoffs resulting from reduced sector size would induce significant strain on the network core. • Rate Limitation: On the air interface, the number of channels allowed to deliver text messages could be restricted. Given the addition of normal traffic filling control channels, this attack would still be effective in denying service to all but a few individuals. Additionally, this approach slows the rate with which legitimate text messages can be delivered, potentially elevating congestion in the core of the phone network. This approach is therefore not an adequate solution on its own. ** TELEMARKETERS ** • Telemarketing has been, and continues to be, a controversial marketing practice. Telemarketing can provide huge benefits for consumers. In many instances, consumers are introduced to new opportunities or products through telemarketing. • Telemarketing can also promote the availability of competitive alternatives to incumbent providers and help facilitate a competitive marketplace. • Unfortunately, certain telemarketing practices can be a significant and intrusive nuisance for consumers, as well as a source of consumer confusion. In some instances, rogue telemarketers can take advantage of this confusion to commit fraud against consumers. • "Junk" calls from telemarketers, akin to e-mail spam that everyone is familiar with, are growing by the day. • Under the federal Telephone Consumer Protection Act, it is against the law to use auto-dialers or prerecorded messages to call numbers assigned to pagers, cellular or other radio common carrier services except in emergencies or when the person called has previously given their consent. (47 USC 227) • But the law fails to specifically prohibit “live” telemarketing calls to cell phones. Telemarketers claim they do not target cell phones with solicitations, but it can happen, especially if a wire line phone number is inadvertently assigned to a cell phone. Aside from the privacy and annoyance factors of receiving junk calls on cell phones, there is the further aggravation of having to pay for those calls. (Cell phone users generally pay for both the outgoing and incoming calls.) ** VOICE SPAM IS DIFFERENT FROM E-MAIL SPAM ** • Different from e-mail spam – At 2 am, received a junk email sitting in Inbox. • But, a junk voice call is a real nuisance. –Most E-mail filters rely on content analysis. But in Voice calls, it is too late to analyze media for spamming. • Voice Spam Detection is difficult. –Headers for voice spam detection : “from”, “contact”. Are these enough ? –Detection in real time before the media arrives. • Spam is basically an unwanted call !!!!! ** PHISHING ** In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. • Phishing in Emails • Phishing Via SMS • Phishing Via Voice calls Phishing Example Via Email Phishing Websites SMiShing is an unwelcome cross between SMS and phishing, the scam that tries to trick users into handing over confidential details online. Which means that phishing could soon make its debut on your small screen. • The virus targeted two major cell phone operators in Spain, sending messages that attempted to trick their subscribers into downloading free antivirus software for their phone, supposedly from their service provider. • Evidence suggests that the threat was created using existing codes from a variety of sources on the internet. By targeting a network operator’s SMS gateway, the messages can be sent for free, and details of how to hack those gateways are freely available over the internet. ** VOIP FUTURE TECHNOLOGY ** • Security experts predict that the next level of attacks will target services such as VoIP as well as Internet telephony (Skype). • The motive behind these anticipated attacks is expected to be the same as always, viz., financial gain, identity and information theft. These attacks will be similar to those that we have seen in the past on cellular and landline phones. • For instance, attackers may try to compromise a VoIP gateway, launch a denial-of-service (DoS) attack on call management software, exploit a vulnerability in a vendor’s Session Initiation Protocol (SIP) implementation or try to hijack VoIP calls through TCP (Transmission Control Protocol) hijacking and application manipulation. Spammers could flood voicemail boxes with unsolicited messages or interrupt conversations by injecting voice spam in them. • The latest threat on VoIP application is Spamming over Internet telephony (SPIT). “SPIT is a type of spam or solicitation made over VoIP. This means that spitters can now send annoying, repetitious advertisements similar to the spam choking our e-mail inboxes but in pre-recorded voice format. Not only can they send you voice messages, but they can also take over your VoIP network and send messages to other users that appear to originate from you ** BLUETOOTH ATTACKS ** • In Europe and Asia, there already have been cases of Blue jacking, where hackers use public Bluetooth hot spots in trains and other public areas where a greater penetration of more sophisticated Bluetooth-equipped handsets are in use. From a few feet away, hackers can sniff out phones with active Bluetooth connections. They can then break in by either tapping the handset's open sharing settings or sending a message, hoping the user responds. In either case, they can gain control of the handset radio and siphon off personal information. ** RESEARCH METHODS TO PREVENT SPAMS IN CELLULAR NETWORK ** • Black and white lists • Bayesian learning • Use of Presence to avoid Spams. • Header Based analysis to block a spammer before a call rings. • Track botnets and zombie machines. (In future 80-85% spams will be generated by botnets) Questions • Types of spam possible in Cellular Networks • How to circumvent them • Future spam in cellular technology • Research going on ** REFRENCES ** • Ram Dantu, Prakash Kolan '‘Detecting spam in VOIP networks'‘ • www.smsanalysis.org • http://www.whitedust.net/printpage.php?PageID=45 • S. Wolpin. Spam comes calling. http://techworthy.com/Laptop/June2004/Spam-ComesCalling.htm, June 2004. • Verizon Wireless. About the service. http://www.vtext.com/customer site/jsp/aboutservice.jsp. • J. Swartz. Cellphones now richer targets for viruses, spam, scams. http://www.usatoday.com/printedition/news/20050428/1a bottomstrip28.art.htm, April 28, 2005. • P. Roberts. Nokia phones vulnerable to dos attack. http://www.infoworld.com/ article/03/02/26/HNnokiados 1.html, February 26, 2003. • S. Marwaha. Will success spoil sms? http://wirelessreview.com/mag/wireless success spoil sms/, March 15, 2001. • G. Goth. Phishing attacks rising, but dollars losses down. IEEE Security and Privacy Magazine, 3(1):8, January 2005. • Cellular Online. Uk sms traffic continues to rise. http://www.cellular.co.za/news 2004/may/0500404-uk sms traffic continues to rise.htm, May 2004. • J. V. D. Bulck. Text messaging as a cause of sleep interruption in adolescents, evidence from a cross-sectional study. Journal of Sleep Research, 12(3):263, September 2003. THANK YOU !!!