Your SlideShare is downloading. ×
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
SMS/MMS Security Platforms for Mobile Operators
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

SMS/MMS Security Platforms for Mobile Operators

1,257

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,257
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
61
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. SMS/MMS Security Platforms for Mobile Operators An Infonetics Research Webinar Co-produced with Cloudmark The Webinar Will Begin Shortly#MobileSecurity13
  • 2. SMS/MMS Security Platforms for Mobile Operators An Infonetics Research Webinar Co-produced with Cloudmark #MobileSecurity13
  • 3. 3 Jeff Wilson Principal Analyst, Security Infonetics Research Neil Cook Chief Technology Officer Cloudmark Today’s Speakers JoAnne Emery Event Director Infonetics Research (Moderator) #MobileSecurity13
  • 4. Agenda 4 Introduction and Solutions Overview 3 4 The Evolution from Email to Mobile Global Trends and Regional Attacks Next Generation Networks and Threats The Impact of Messaging Abuse 1 2 3 4 5 4 Conclusions Q&A 6 7 #MobileSecurity13
  • 5. SMS Spam Is a Reality 5
  • 6. With Impact Beyond Simple Annoyance 6 Annoyed customers and lost business Delivery mechanism for mobile malware
  • 7. 2 Basic Ways to Combat the Problem 7 PROTECT THE DEVICE PROTECT THE INFRASTRUCTUREOR
  • 8. Who Is Responsible, Users or Providers? 8 DEVICE INFRASTRUCTUREOR ‣ Spam-blocker apps ‣ Multi-function mobile security client ‣ Secure messaging client ‣ SMS firewalls ‣ Multi-function messaging security platforms SMS SMS E-MAIL IM OTT
  • 9. MNOs Must Take Responsibility 9 Why? ‣ Protect your users, improve customer satisfaction, and reduce churn ‣ Reduce traffic on your networks ‣ Save money ‣ Enable clean marketing channels ‣ Mitigate regulatory intervention ‣ Protect against the threat of OTT $0 $375 2012 2017 GlobalRevenue in$USMillions The global SMS/MMS security gateway market is on track to multiply 9-fold in the 5 years from 2012 to 2017 © Infonetics Research: SMS/MMS Security Gateways Biannual Market Size and Forecasts, June 2013
  • 10. Agenda 10 Introduction and Solutions Overview 3 4 The Evolution from Email to Mobile Global Trends and Regional Attacks Next Generation Networks and Threats The Impact of Messaging Abuse 1 2 3 4 5 10 Conclusions Q&A 6 7 #MobileSecurity13
  • 11. Message Abuse Originated with Email 11 Unsolicited or unwanted bulk messages. Spam Messages containing URLs or phone numbers seeking to deceive users and/or collect sensitive info. Fraud/Phishing Messages carrying malware or links to websites that infect devices with botnet or other malicious software. Malware Trusted traffic that generates revenue and/or does not compromise user security. Good Email MessagingAbuseGood Source: Cloudmark and M3AAWG Email Metrics Report #15 Q1, Q2 and Q3 2012 OF GLOBAL EMAIL TRAFFIC IS MALICIOUS 95PERCENTUP TO
  • 12. And Quickly Evolved to Mobile SIM Box 12
  • 13. Catalysts Driving the Move to Mobile 1. DMA/IAB Mobile Messaging study, 2011 13 Favorable Economics • Unlimited messaging plans reduce per-message costs • Pre-existing billing relationship to exploit and monetize • Free OTT to SMS services Subscriber Adoption and Trust in Mobile Operator • SMS has 2.5 times more reach than email • Used for news alerts, billing payments, banking, business updates • 98% message open rate - only 20% for email Low Security Impediments • Most mobile networks have not implemented security controls • Most messaging environments and devices vulnerable • Basic defenses easily defeated (keyword filtering, volumetrics, anti- spoofing)
  • 14. Agenda 14 Introduction and Solutions Overview 3 4 The Evolution from Email to Mobile Global Trends and Regional Attacks Next Generation Networks and Threats The Impact of Messaging Abuse 1 2 3 4 5 14 Conclusions Q&A 6 7 #MobileSecurity13
  • 15. Global SMS Spam Volumes 15
  • 16. Regional SMS Spam Trends 0% 5% 10% 15% 20% 25% 30% Bank / Account Phishing Adult Content Spam Win Free Stuff Scam We Buy Junk Cars Spam Pharmacy / Meds Spam Top US SMS Spam, 2Q13 16
  • 17. Regional SMS Spam Trends India SMS Spam Trends • Advertising spam • Airtel 3G cards • Massage • Real Estate Leases • Simbox propagated stock spam 17
  • 18. Regional SMS Spam Trends 0% 10% 20% 30% 40% Payday Loan Spam PPI Compensation… Debt Relief Scam Pension Scam Accident Compensation… Top UK SMS Spam, 2Q13 18
  • 19. Regional SMS Spam Trends 0% 5% 10% 15% 20% 25% Phishing Retail and Marketing Illegal Invoice and ID Card Finance and Insurance Marketing Top Chinese SMS Spam 19
  • 20. Nuisance Advertising En CENTRO Automotores accede al PLAN NACIONAL RENAULT solo con DNI. CLIO MIO desde $700 x mes sin int. Consulta otros modelos. Tomamos tu usado. Responde PLAN. In CENTER Motors access to NATIONAL PLAN RENAULT with ID only. CLIO MIO from $ 700 per month without int. See Other models. We take your used. Respond PLAN • Affiliate driven • Not maliciously intended • Intent is to market goods or services 20
  • 21. Fraud and Phishing Ваша банковская карта VISA заблокирована!Г орячая линия 8- 967-492-46-75 "Your bank card VISA locked! Hotline 8-967- 492-46-75" • Frequently target campaigns to specific carriers or specific geography • Spammers target their audience and bet on the odds that the recipient will believe the SMS was sent to them specifically 21
  • 22. Cross Regional Attacks 22 YOUR NUMBER HAS WON YOU $2,000,000.00 USD IN THE FREELOTTO MOBILE PROMOTION UK FOR CLAIMS EMAIL (NAME & MOBILE) TO prizeuk8@live.com
  • 23. Malware 23 Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://[redacted]. mobi for next 24hrs only! Source: Symantec SpamSoldier
  • 24. SpamSoldier Initial Propagation ‣ First, offers of an anti-SMS-Spam service were sent out: • Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages! Download now at http://trendingoffers.com ‣ Later the pitch was updated to promise free versions of popular games • Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://gamerpalace.mobi for next 24hrs only! 24
  • 25. What SpamSoldier sends ‣ Solicits more installations of SpamSoldier: • Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://gamerpalace.mobi for next 24hrs only! ‣ Sends affiliate program and identify theft spam: • You've just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at http://holyoffers.com can claim it! ‣ Sometimes including the victim’s phone number: • Your XXXXXXXXXX has won a $1k walmart gift card but only the 1st 500 people that enter code 500 at http://freshoffers.mobi can claim it! ‣ In one case, over 16,000 messages were sent from a single phone! 25
  • 26. SpamSoldier Carrier Impact ‣ 7 million total spam messages sent based on reports to 7726 • 5 million intended to further spread the malware • 2 million intended to monetize the attack ‣ Expeditious take down, only 10–20K infections ‣ Peaked at 4% of US SMS Spam 26
  • 27. Agenda 27 Introduction and Solutions Overview 3 4 The Evolution from Email to Mobile Global Trends and Regional Attacks Next Generation Networks and Threats The Impact of Messaging Abuse 1 2 3 4 5 27 Conclusions Q&A 6 7 #MobileSecurity13
  • 28. The Missing Piece ‣ There is no single point of control in most mobile networks for messaging spam and security • SMS firewalls can deal with message volume and cost to some degree, but do nothing for higher-layer security issue • E-mail spam taught us that controlling volume was the easiest to solve (and least important e-mail security problem): need to address higher-layer security threats • Messaging is much more than SMS, and iChat has taught the industry that users don’t distinguish as long as the message gets through 28
  • 29. 2G/3G Networks and SMS/MMS Still Vital 29 SMS/MMS REVENUE CONTRIBUTION REMAINS STEADY 2G/3G SUBSCRIBER BASE STILL MASSIVE © Infonetics Research: 2G, 3G, 4G Mobile Services and Subscribers: Voice, SMS/MMS, and Broadband, June 2013 $0 $100 $200 $300 $400 $500 $600 $700 $800 $900 $1,000 CY10 CY11 CY12 CY13 CY14 CY15 CY16 CY17 Revenue(US$Billions) Mobile Services Revenue by Category Voice SMS/MMS Broadband 0 1 2 3 4 5 6 7 8 CY10 CY11 CY12 CY13 CY14 CY15 CY16 CY17 Subscribers(Billions) Mobile Subscribers by Technology CDMA2000 cdmaOne GSM TD-SCDMA W-CDMA TDD-LTE FDD-LTE
  • 30. LTE Everywhere, Problem Solved? ‣ Next-generation networks hold no promise for comprehensive integrated messaging security, and a real solution needs to address • SMS/MMS • E-mail on mobile devices • IM and OTT messaging apps ‣ IMS opens up security holes in LTE, creating routes for attack but it will be embraced as a building block for RCS and VoLTE • Nothing in the RCS spec addresses application-layer security ‣ Users will still blame the carrier when OTT messaging apps or carrier-deployed OTT services inject risk • Services like Orange’s joyn are just the tip of the iceberg, and while users will love them, the pose serious risks 30
  • 31. How LTE Networks Impact MNO Security 4G / LTE More Bandwidth and Capacity Data-Centric, Connected Devices All-IP Network Evolving Attackers • Enables DDOS, spam relaying, and other attacks • Reduces cost to send spam • Open environment and protocols increase vulnerability to threats • Easier to hack than SS7 • Power computing devices vs. feature phones environment • Can be hacked, spoofed, and harnessed to run botnets • Danger of IP blacklisting • Much more skilled at IP attacks than voice oriented networks • Attracted to scale and scope of environment 31
  • 32. The Growing LTE Subscriber Base Presents Challenges LTE allows attackers to send more spam, faster than ever before Stop new spam and messaging attacks LTE driving email, MMS, IMS-based messaging, OTT messaging, VoIP calls, social network messaging, M2M communications and evolving protocols Protect across multiple protocols “Every spam received over [mobile messaging] by our customers is a potential reason for them to switch to OTT messaging” – Tier I Mobile Operator in US Manage threats from OTT players How Can Mobile Network Operators… Blended threats (SMS to e-mail, mobile app to SMS), mobile botnets, application-layer threats Fight Next-Gen Threats 32
  • 33. Agenda 33 Introduction and Solutions Overview 3 4 The Evolution from Email to Mobile Global Trends and Regional Attacks Next Generation Networks and Threats The Impact of Messaging Abuse 1 2 3 4 5 33 Conclusions Q&A 6 7 #MobileSecurity13
  • 34. Increased Operational Costs • More call center staff to handle complaints and investigations • Increased subscriber churn • Brand damage repair Revenue Loss • Excessive mobile termination charges from traffic imbalances • Grey route SMS traffic avoids fee payment • Subscribers cancel SMS service Brand Damage • From Exposing Subscribers to spam and fraud • From regulators imposing fines and controls Impact on Mobile Network Operators 34
  • 35. Revenue Loss Unbalanced Termination Charges Operator B Spammer Victim: Operator A Impact • Operator A pays Operator B for every delivered message – bad or good 35
  • 36. SMS/day = 100,000,000: SMS spam rate = 5%: MT cost/SMS = $0.005: Off-net termination rate = 50%: Cloudmark Confidential. Do not copy, repurpose, or distribute. 36 Mobile Termination Costs for SMS Spam Message Traffic Assumptions $4.5 MILLION PER YEAR SMS SPAM COULD COST AN AVERAGE MOBILE OPERATOR 36.5B SMS/year 0.0005 $0.005/SMS 0.5 x $4.5 million per year Calculations
  • 37. Revenue Loss International Gray Route Traffic Legitimate Advertiser International Gray Route OperatorLegit Broker Legit Broker Impact • Operator loses legitimate revenue • Marketing campaigns not billed accurately Pirate Broker 37
  • 38. Quantifying Grey Traffic Revenue Loss Cloudmark Confidential. Do not copy, repurpose, or distribute. 38 Average size mobile network operator: From European Airways – Online check- in for EA243 on 10th April 2013 is now open. Go to Europeair.com $4.8M/YR 16M Subscribers x 12 x $0.05 x 50% 16M Number of subscribers 60 Annual application-originated messages per subscriber for International traffic 1/5 Grey traffic vs. billable traffic 50% Average revenue loss on Grey traffic $0.05 International route termination costs
  • 39. Regulatory Intervention 39
  • 40. Multi-tier Solution to Deliver Clean Traffic 40
  • 41. Cloudmark Security Platform 41 IP Network Network Transparency Engine Reputation Engine Cluster EngineSolution Modules Workflow / Policy Engine SMTP HTTP RCS MMS IP- SMS SMS SMPP DataSourceLayer HTTP Security Layer Authority Sender Intelligence URL Categories Malware Data AV MYSQL LDAP Radius Diameter Network & Subscriber DBs OAMAPI Web Admin Interface SNMP Rest SS7 Network Protocol Engines
  • 42. Agenda 42 Introduction and Solutions Overview 3 4 The Evolution from Email to Mobile Global Trends and Regional Attacks Next Generation Networks and Threats The Next Generation of Threats 1 2 3 4 5 42 Conclusions Q&A 6 7 #MobileSecurity13
  • 43. Conclusion ‣ SMS/MMS spam is a serious problem today, but the true security threat will be harder to solve ‣ Operators will be held responsible for threats that originate or terminate in SMS/MMS ‣ Long-term solutions need to address all attack layers and multiple messaging platforms (SMS, IM, e-mail, OTT) ‣ Does anyone disagree? 43
  • 44. Agenda 44 Introduction and Solutions Overview 3 4 The Evolution from Email to Mobile Global Trends and Regional Attacks Next Generation Networks and Threats The Next Generation of Threats 1 2 3 4 5 44 Conclusions Q&A 6 7 #MobileSecurity13
  • 45. 45 Jeff Wilson Principal Analyst, Security Infonetics Research Neil Cook Chief Technology Officer Cloudmark Q&A JoAnne Emery Event Director Infonetics Research (Moderator) #MobileSecurity13
  • 46. Thank You This webcast will be available on-demand for 90 days For additional Infonetics events, visit https://www.infonetics.com/infonetics-events/ #MobileSecurity13

×