Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki
Transcription
Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki
Smart-Phone Attacks and Defenses Discussion led by Aaron Isaki Authors Chuanxiong Guo Helen J. Wang Wenwu Zhu HotNets III November, 2004 San Diego, CA Microsoft Research Microsoft Research Microsoft Research Asia Definitions Smartphone – Mobile device containing both cellular components and Internet access, with powerful computing components similar to those found on desktop PC’s. Smartphone Operating Systems (OS) “covered” in this paper: Symbian, Windows Mobile/PocketPC, Palm, and embedded Linux. Problem Smartphones are interoperable between cellular networks and the Internet and have the potential to be dangerous conduits for threats from the Internet to the telecom infrastructure. Bridging the Networks Powerful Smartphone OSes Provide access to cellular network with cellular standards such as GSM /CDMA and UMTS. Access to the Internet with network interfaces such as infrared, Bluetooth, GPRS/CDMA1X, and 802.11; and use standard TCP/IP protocol stack to connect to the Internet. Multi-tasking for running multiple applications simultaneously (except for Palm OS). Data synchronization with desktop PCs. “Open” APIs for application development. Increased Threat Inevitable software vulnerabilities in complex OSes Always-on vulnerability to Internet worms Smartphone user population likely to exceed PC user population History of Smartphone Attacks Cabir, June 14, 2004 (Symbian OS worm) Duts, July 17, 2004 (PocketPC virus) Mosquito dialer, August 6, 2004 (trojan horse) Cabir/Caribe Worm Spread over Bluetooth Targeted Symbian Series 60 Proof of concept Messagebox payload, replication bug drastically limited spreading Cabir/Caribe Duts Proof of concept code Hand-written assembly for ARM processors “This is proof of concept code. Also, i wanted to make avers happy. The situation when Pocket PC antiviruses detect only EICAR file had to end ...” Main Contribution Presents a high-level outline of several attacks using smartphones on the telecom network Telecom network was relatively safe Widespread convergence of Internet and telecom networks on a single device increases threat to telecom networks Main Ideas Smartphones are the common link for the Internet and telecom networks. Smartphones are portable computers and can be subverted to launch attacks on previously secure telecom networks. Existing attacks that were successful on the Internet would cause much more damage and cost end users more. Compromising Smartphones “Attacks from the Internet” – viruses, trojans, or worms spread “the same way as PCs” Infection from compromised PC during data synchronization Peer smart-phone attack or infection (via Bluetooth or WiFi) Malformed SMS text message [?] Compromised Smartphone Attacks on Telecom Network Base Station DoS Using eight smartphones for each GSM carrier frequency can tie up a GSM base station Call other phones, but do not answer the incoming call (to avoid being charged) Ties up a time slot on each end for a minute, exhausting radio resources Compromised Smartphone Attacks on Telecom Network Call Center DDoS Using victims’ phones to remotely and automatically place calls Significant numbers of zombie smartphones would be needed to reach a cellular switch’s limited Busy Hour Call Attempts (BHCA) value Compromised Smartphone Attacks on Telecom Network Spam SMS Junk or marketing messages sent through SMS Abundant SMS packages make it possible to slip past owner’s notice “Good incentive to compromise smartphones” Compromised Smartphone Attacks on Telecom Network Identity Theft and Spoofing Smartphones allow remote reading of SIM card data International Mobile Subscriber Identity, SMS history, and stored numbers the target Attacker can use stolen identity Compromised Smartphone Attacks on Telecom Network Remote Wiretapping Passively record the conversations of their owners Report back to spies Encrypt and tunnel the conversation with other Internet traffic Defenses Smartphone Hardening Internet Side Protection Telecommunication Side Protection Cooperations between the Internet and Telecom Networks Smartphone Hardening Attack Surface Reduction Turn off features not in use OS Hardening Always display callee’s number Light up LCD display when dialing Export only security enhanced APIs to applications Attacking actions should be easily detectable by the smartphone user Smartphone Hardening Hardware hardening SIM Toolkit (STK) – API to securely load applications to the SIM STK allows operator to provision services directly to the SIM Combine STK and TCG’s Trusted Platform Module (TPM) for hardware hardening Internet Side Protection Rigorous software patching Vulnerability-driven network traffic shielding Smartphone ISPs (GPRS or CDMA) should restrict Internet access unless devices are fully patched Telecommunication Side Protection Telecom traffic is highly predictable and well-managed (voice or SMS traffic only) Abnormal blocking rates of base station or switch (DoS attack) Abnormally high call-center load Abnormal end-user behavior Telecommunication Side Protection Detecting abnormal end-user behavior will require in-depth analysis Junk SMS messages can be detected the same way as spam e-mail Methods exist to trace and limit smartphones effectively Very expensive to put defenses into various parts of telecom infrastructure Only a handful of telecom carriers, easy to coordination between them Cooperation between the Internet and Telecom Networks Exchange known vulnerability and attack information to reduce vulnerable services Advance knowledge of an attack on the other network can be passed along Telecom’s blacklisted smartphones can be added to ISPs blacklists Differentiating smartphones and other 802.11 clients Assign unique IDs to all Internet wireless endpoints, creating a mapping between SIM IDs and Internet wireless IDs Design smartphones to submit SIM IDs to APs for authentication Modem-Equipped or VoIPEnabled PCs These PCs cannot access both networks simultaneously? VoIP PCs lack SIM cards, so they cannot be spoofed VoIP PCs send traffic through an IP-toPSTN switch, which can limit rates Smartphones are more popular? Interoperation breaks design assumptions Telecom networks have dumb terminals and intelligent networks The Internet is a dumb network with smart endpoints The attacks listed were possible when combining the smart endpoints with intelligent networks Security must be considered before connecting any hardware to the Internet Conclusions Imminent danger of smartphone attacks against telecom infrastructure (privacy issues, identity theft, DoS) Outlined some defense strategies Urge system architects to pay attention to insecurity of the Internet when connecting new peripherals Questions Left Open With constant Internet available to smartphones today, how is this threat model changed? Is Symbian Signed and Windows Mobile signed an effective countermeasure? My thoughts Paper was very light on details, perhaps to protect smartphone users? What about smartphones attacking other smartphones or Internet sites? Smartphone bandwidth now hundreds of times greater than when the paper was written Greater threat posed by VoIP, which connects to the telecom network as well, but has less restrictions on what those computers can do. Many more smartphones available, but much fewer viruses reported. Smartphone security doing its job? My thoughts continued Smartphone “Hardening” section was very weak. Code-signing with certificates now used Clients today may run multiple SIM cards, or they could also swap them between multiple smartphones Users would notice when their batteries died quickly or their bills came in Smartphone Viruses evolve 2006 – Redbrowser.A Java Midlet sends SMS messages to a pay number while pretending to give free Internet over SMS (abusing J2ME) Commercial Smartphone Spyware Flexispy Hides from process list, no icon or UI Records details of voice calls, SMS messages, GSM location info Hidden UI via special code Signed via Symbian Signed so no user prompts Flexispy Installation Questions