Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

PPT presentation

364 views

Published on

  • Be the first to comment

  • Be the first to like this

PPT presentation

  1. 1. Threat Evolution in Wireless Telecommunications Frank Quick Sr. Vice President, Technology QUALCOMM Incorporated
  2. 2. Industry Data (Worldwide) <ul><li>In 2002, there were </li></ul><ul><ul><li>570 million installed PCs (Gartner) </li></ul></ul><ul><ul><li>1132 new viruses discovered (Symantec) </li></ul></ul><ul><ul><li>105 computer virus infections per 1000 PCs (ICSA labs) </li></ul></ul><ul><li>In the same year there were </li></ul><ul><ul><li>1.1 Billion cellular phone users (Yankee Group) </li></ul></ul>
  3. 3. Today’s Mobile Phone <ul><li>100+ MHz processor </li></ul><ul><li>10+ Mbytes flash memory </li></ul><ul><li>Medium-bandwidth IP connectivity </li></ul><ul><li>Downloadable applications </li></ul><ul><ul><li>Have access to user data </li></ul></ul><ul><ul><li>Can initiate data connections </li></ul></ul><ul><ul><li>Can send arbitrary IP packets, SMS </li></ul></ul>
  4. 4. Tomorrow’s Mobile Phone <ul><li>1000+ MHz processor(s) </li></ul><ul><li>100+ Mbytes flash memory </li></ul><ul><ul><li>More if socket provided </li></ul></ul><ul><li>High-bandwidth IP connectivity </li></ul><ul><li>Broadcast content reception </li></ul><ul><ul><li>Digital Rights Management </li></ul></ul><ul><li>Downloadable applications </li></ul><ul><ul><li>Wider range of functions </li></ul></ul>
  5. 5. The Mobile as Computer <ul><li>Mobile phones can now do most things a PC can do, therefore: </li></ul><ul><li>Mobile phones will likely become a target for malicious code, as have PCs. </li></ul><ul><li>To date, only a few such attacks have been discovered for mobiles; however, </li></ul><ul><li>It would be unwise to assume this is because mobiles are less susceptible than PCs. </li></ul>
  6. 6. Attacks on Computers <ul><li>Motivation </li></ul><ul><ul><li>Peer prestige, revenge, profit, theft </li></ul></ul><ul><li>Objectives </li></ul><ul><ul><li>Disruption, spyware, trojan software </li></ul></ul><ul><li>Methods </li></ul><ul><ul><li>Self-propagating viruses and worms, infected files and applications (e.g. games) </li></ul></ul><ul><li>Access </li></ul><ul><ul><li>Internet, messaging, over the air </li></ul></ul>
  7. 7. How Weaknesses Are Found <ul><li>An attack often begins by finding a repeatable way to crash a platform </li></ul><ul><ul><li>Generally, attacks aren’t created by analyzing source code – usually not available </li></ul></ul><ul><ul><li>The binary code, on the other hand is accessible in the .exe file </li></ul></ul><ul><ul><li>(For many phones, binary code is also available via diagnostic ports.) </li></ul></ul>
  8. 8. How Attacks Develop <ul><li>The attackers share information about weaknesses </li></ul><ul><li>A more sophisticated attacker looks at the binary code to see what causes the crash </li></ul><ul><ul><li>E.g., if it’s a buffer overrun that overwrites the stack, it may be possible to modify the input to execute arbitrary code </li></ul></ul>
  9. 9. How Attacks Grow <ul><li>Once an exploit is developed, it is often made widely available on the Web </li></ul><ul><ul><li>Documentation of the vulnerability </li></ul></ul><ul><ul><li>Attack scripts and source code </li></ul></ul><ul><li>This allows many variant attacks to be created, making prevention difficult </li></ul><ul><ul><li>Virus-checking software updated often </li></ul></ul><ul><ul><li>(Bandwidth limits make this expensive for mobiles) </li></ul></ul>
  10. 10. Differences: Mobiles vs. PCs <ul><li>PCs: </li></ul><ul><li>Many PCs use the same brand Operating System </li></ul><ul><li>PCs can run both the code under attack and the attack software </li></ul><ul><li>Attacks are spread by IP, email or web access </li></ul><ul><li>Denial of service affects IP services </li></ul><ul><li>Mobile phones: </li></ul><ul><li>Diverse OSs, but converging </li></ul><ul><li>Phones can’t directly run attack software (special hardware often needed to extract binary code) </li></ul><ul><li>Other channels are available for spread (e.g., SMS, false base stations) </li></ul><ul><li>Denial of service can shut down a cellular system </li></ul>
  11. 11. The Changing Mobile User Environment <ul><li>In the past: </li></ul><ul><ul><li>Attacks on mobile phones were detrimental to both the user and operator (cloning) </li></ul></ul><ul><ul><li>Attacks targeted individual phones </li></ul></ul><ul><li>In the future: </li></ul><ul><ul><li>Attacks may be initiated by the user (cloning, defeating security) </li></ul></ul><ul><ul><li>Viral attacks may target a large population of mobiles </li></ul></ul>
  12. 12. Why would a user hack his/her own phone? <ul><li>Upgrading </li></ul><ul><ul><li>The user obtains a better phone (perhaps stolen) and wants to clone the existing subscription without paying the carrier. </li></ul></ul><ul><li>Digital Rights Management </li></ul><ul><ul><li>Users want to share files, games, etc. without paying </li></ul></ul><ul><li>Subscription lock </li></ul><ul><ul><li>The user wants to change operators </li></ul></ul>
  13. 13. Consequences <ul><li>Users increasingly see the operator as an adversary </li></ul><ul><li>Users may unwittingly become victims of secondary attacks </li></ul><ul><ul><li>Defeating security features often opens a path for attack </li></ul></ul><ul><ul><li>Cloning may be accompanied by trojan installation </li></ul></ul>
  14. 14. What should manufacturers do? <ul><li>Proactively address vulnerabilities </li></ul><ul><ul><li>Automated code reviews </li></ul></ul><ul><li>Develop protocols to update software after sale </li></ul><ul><ul><li>Preferably by broadcast </li></ul></ul><ul><li>Migrate to secure, trusted platforms </li></ul><ul><ul><li>Prevent core software modification </li></ul></ul><ul><ul><li>Authenticate downloads </li></ul></ul><ul><ul><li>Protect security information </li></ul></ul>
  15. 15. Can manufacturer efforts suffice? <ul><li>No. </li></ul><ul><ul><li>The defender’s problem: any vulnerability can open an attack </li></ul></ul><ul><ul><li>A perfectly secure platform may still be vulnerable to insider attacks </li></ul></ul><ul><ul><li>Software updates may be impractical given the large numbers of mobiles </li></ul></ul><ul><li>Conclusion: operators cannot rely on manufacturers to prevent cyber attacks </li></ul>
  16. 16. What can operators do? <ul><li>Install firewalls </li></ul><ul><ul><li>Isolate critical servers from mobile data </li></ul></ul><ul><ul><li>Block direct mobile-to-mobile packets </li></ul></ul><ul><ul><li>Perform ingress filtering: block mobile packets with bad “from” IP addresses </li></ul></ul><ul><li>Strengthen and automate responses </li></ul><ul><ul><li>Disable infected mobiles </li></ul></ul><ul><ul><li>Isolate infected subnets </li></ul></ul><ul><ul><li>Scan SMS and other network messaging </li></ul></ul><ul><ul><li>Consider using broadcast code updates </li></ul></ul>
  17. 17. What won’t work <ul><li>Virus scans on phones </li></ul><ul><ul><li>Updating definitions is too expensive </li></ul></ul><ul><li>Virus scans on incoming IP packets </li></ul><ul><ul><li>Encrypted VPN connections prevent examining the contents of IP packets </li></ul></ul>
  18. 18. Will operators take action? <ul><li>Operators are reluctant to spend for a threat that has not yet materialized </li></ul><ul><ul><li>Cloning fraud reached double-digit percentages of revenues before authentication was deployed </li></ul></ul><ul><li>It is to be hoped that operators will at least make contingency plans </li></ul><ul><ul><li>ITU-T recommendations could promote planning </li></ul></ul>
  19. 19. Conclusions <ul><li>Mobile phone computing power and connectivity is approaching that of PCs </li></ul><ul><li>Self-propagating viruses and worms may be possible in mobiles in the near future </li></ul><ul><li>Manufacturers should strive to minimize vulnerabilities to such attacks </li></ul><ul><li>Operators should prepare to take defensive measures </li></ul><ul><li>ITU-T recommendations may be useful </li></ul>

×