International Telecommunication Union ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004 Threat Evolution in Wireless Telecommunications.


1 International Telecommunication Union ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Threat Evolution in Wireless Telecommunications
Frank Quick, Sr. Vice President, Technology, QUALCOMM Incorporated

2 Industry Data (Worldwide)
o In 2002, there were
   - 570 million installed PCs (Gartner)
   - 1132 new viruses discovered (Symantec)
   - 105 computer virus infections per 1000 PCs (ICSA labs)
o In the same year there were 1.1 Billion cellular phone users (Yankee Group)

3 Today's Mobile Phone
o 100+ MHz processor
o 10+ Mbytes flash memory
o Medium-bandwidth IP connectivity
o Downloadable applications
   - Have access to user data
   - Can initiate data connections
   - Can send arbitrary IP packets, SMS

4 Tomorrow's Mobile Phone
o MHz processor(s)
o 100+ Mbytes flash memory
   - More if socket provided
o High-bandwidth IP connectivity
o Broadcast content reception
   - Digital Rights Management
o Downloadable applications
   - Wider range of functions

5 The Mobile as Computer
o Mobile phones can now do most things a PC can do, therefore:
o Mobile phones will likely become a target for malicious code, as have PCs.
o To date, only a few such attacks have been discovered for mobiles; however,
o It would be unwise to assume this is because mobiles are less susceptible than PCs.

6 Attacks on Computers
o Motivation
   - Peer prestige, revenge, profit, theft
o Objectives
   - Disruption, spyware, trojan software
o Methods
   - Self-propagating viruses and worms, infected files and applications (e.g. games)
o Access
   - Internet, messaging, over the air

7 How Weaknesses Are Found
o An attack often begins by finding a repeatable way to crash a platform
   - Generally, attacks aren't created by analyzing source code – usually not available
   - The binary code, on the other hand, is accessible in the .exe file
   - (For many phones, binary code is also available via diagnostic ports.)

8 How Attacks Develop
o The attackers share information about weaknesses
o A more sophisticated attacker looks at the binary code to see what causes the crash
   - E.g., if it's a buffer overrun that overwrites the stack, it may be possible to modify the input to execute arbitrary code

9 How Attacks Grow
o Once an exploit is developed, it is often made widely available on the Web
   - Documentation of the vulnerability
   - Attack scripts and source code
o This allows many variant attacks to be created, making prevention difficult
   - Virus-checking software updated often
   - (Bandwidth limits make this expensive for mobiles)

10 Differences: Mobiles vs. PCs
PCs:
o Many PCs use the same brand Operating System
o PCs can run both the code under attack and the attack software
o Attacks are spread by IP, or web access
o Denial of service affects IP services
Mobile phones:
o Diverse OSs, but converging
o Phones can't directly run attack software (special hardware often needed to extract binary code)
o Other channels are available for spread (e.g., SMS, false base stations)
o Denial of service can shut down a cellular system

11 The Changing Mobile User Environment
o In the past:
   - Attacks on mobile phones were detrimental to both the user and operator (cloning)
   - Attacks targeted individual phones
o In the future:
   - Attacks may be initiated by the user (cloning, defeating security)
   - Viral attacks may target a large population of mobiles

12 Why would a user hack his/her own phone?
o Upgrading
   - The user obtains a better phone (perhaps stolen) and wants to clone the existing subscription without paying the carrier.
o Digital Rights Management
   - Users want to share files, games, etc. without paying
o Subscription lock
   - The user wants to change operators

13 Consequences
o Users increasingly see the operator as an adversary
o Users may unwittingly become victims of secondary attacks
   - Defeating security features often opens a path for attack
   - Cloning may be accompanied by trojan installation

14 What should manufacturers do?
o Proactively address vulnerabilities
   - Automated code reviews
o Develop protocols to update software after sale
   - Preferably by broadcast
o Migrate to secure, trusted platforms
   - Prevent core software modification
   - Authenticate downloads
   - Protect security information

15 Can manufacturer efforts suffice?
o No.
   - The defender's problem: any vulnerability can open an attack
   - A perfectly secure platform may still be vulnerable to insider attacks
   - Software updates may be impractical given the large numbers of mobiles
o Conclusion: operators cannot rely on manufacturers to prevent cyber attacks

16 What can operators do?
o Install firewalls
   - Isolate critical servers from mobile data
   - Block direct mobile-to-mobile packets
   - Perform ingress filtering: block mobile packets with bad "from" IP addresses
o Strengthen and automate responses
   - Disable infected mobiles
   - Isolate infected subnets
   - Scan SMS and other network messaging
   - Consider using broadcast code updates
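
The firewall rules on this slide, sketched as an added example (not part of the original presentation): a per-packet decision for traffic arriving from a mobile's data session, plus a tally of sessions whose packets keep being dropped. The address ranges, function names and threshold are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the presentation).
MOBILE_POOL = ipaddress.ip_network("10.64.0.0/16")        # addresses leased to handsets
CRITICAL_SERVERS = ipaddress.ip_network("10.200.0.0/24")  # operator's critical servers

def filter_uplink(assigned_ip, src, dst):
    """Decide what to do with one packet arriving from a mobile's data session.

    assigned_ip is the address the network leased to that session; src and dst
    are the addresses in the packet header. Returns (action, reason).
    """
    try:
        assigned = ipaddress.ip_address(assigned_ip)
        s = ipaddress.ip_address(src)
        d = ipaddress.ip_address(dst)
    except ValueError:
        return ("drop", "malformed-address")
    # Ingress filtering: the source must be exactly the address leased to this session.
    if s != assigned:
        return ("drop", "spoofed-source")
    # Isolate critical servers from mobile data.
    if d in CRITICAL_SERVERS:
        return ("drop", "critical-server")
    # Block direct mobile-to-mobile packets.
    if d in MOBILE_POOL:
        return ("drop", "mobile-to-mobile")
    return ("forward", "ok")

def sessions_to_review(packets, threshold=3):
    """Return leased addresses with at least `threshold` dropped packets,
    i.e. candidates for the automated response (disable or isolate)."""
    drops = {}
    for assigned_ip, src, dst in packets:
        action, _ = filter_uplink(assigned_ip, src, dst)
        if action == "drop":
            drops[assigned_ip] = drops.get(assigned_ip, 0) + 1
    return sorted(ip for ip, n in drops.items() if n >= threshold)

# Constructed sample traffic: (assigned_ip, src, dst)
SAMPLE = [
    ("10.64.1.5", "10.64.1.5", "198.51.100.7"),    # normal Internet traffic
    ("10.64.1.9", "203.0.113.4", "198.51.100.7"),  # source does not match the lease
    ("10.64.1.9", "10.64.1.9", "10.64.2.1"),       # handset to handset
    ("10.64.1.9", "10.64.1.9", "10.200.0.10"),     # handset to critical server
    ("10.64.1.5", "10.64.1.5", "10.64.1.9"),       # handset to handset
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, filter_uplink(*pkt))
    print("review:", sessions_to_review(SAMPLE))
```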

17 What won't work
o Virus scans on phones
   - Updating definitions is too expensive
o Virus scans on incoming IP packets
   - Encrypted VPN connections prevent examining the contents of IP packets

18 Will operators take action?
o Operators are reluctant to spend for a threat that has not yet materialized
   - Cloning fraud reached double-digit percentages of revenues before authentication was deployed
o It is to be hoped that operators will at least make contingency plans
   - ITU-T recommendations could promote planning

19 Conclusions
o Mobile phone computing power and connectivity are approaching those of PCs
o Self-propagating viruses and worms may be possible in mobiles in the near future
o Manufacturers should strive to minimize vulnerabilities to such attacks
o Operators should prepare to take defensive measures
o ITU-T recommendations may be useful

