Smart-Phone Attacks and Defenses

Chuanxiong Guo
xguo@ieee.org

Helen J. Wang
helenw@microsoft.com

Microsoft Research

Microsoft Research

ABSTRACT

  

      
  
    
    
       

      
  
         
 
    
  

    

   

       

      
 

   
      ! "  

  
    # $


     "  

      
   
    %    
  
    
 
        $ "
          

 
  



       
     
   
"  &   
     
 

1.

INTRODUCTION

% '

 
  ()*+, -./0 
  

  %    '    


  
     
" "  "     

   
   
   
"  %   
   

 
   " 
 -120  34  
   

  144/ 
   .44   1445   

      67 -130    

 
      
    
 
  

 
   8 
!   
  9 ..     

    "       

    &   !   
   "  "  
  
   
   :    
        

 

    "  $  
     
 " ;
% " 
   <  =
 &  >

Wenwu Zhu
wenwu.zhu@intel.com
Intel Corporation

  
       
       ' 

 

        
   

 
 
   "   '   " 
 
       


       

  $ 1
 $ 3    
 "   
 
? 
 "   
 

    "    

 " $ "     

      

    

   
   
    
  $ /  
 
       "
 $ 2     $ @

2. SMART-PHONES

$
     '  
   
      
     
   
 
 
  "
  67  > 
   . 
  
   "
  
   "   

ABCDEF GH IJKELMNOPQFR SFTPJF FQUMNPBQLR PV SPLO

LOF WQLFEQFL KQU LFXFTPJ QFLYPEZR[

> "          
     
    
\     
 
]$ ^ 
  
 
  

  67  

     
 :   $
 ]$    $
 ]$ -120  & $
 ]$ -@0  6 ]$ -.10 
     >      
    ]$    
  -130 #

>   "    
   $& 7&>  &%$

  
    
   
   $&$     -90    
  
    " 
"          
 
  %      " 
 
   
     
 

>  
   " 

3.2 Smart-Phone Attacks against the Telecom
   ^  6$7&>.   41..?
Networks
]  
  
  
 
   %76
6
 "   
          "


     ^     "  '

&"   
 

 

   
   $&  " -140 

   
   "    

 "       "

67








!






  

 "
      

    "

]
 >6
  

 

  7&>    
  ]$ 
 >6
  
 

  
     
  

     

3.2.1 Background: GSM
$&     #  &  \

   

    67" 
 &\  ^ $ $  ^$$  
  
     :  ]$
" $ $  $$ &\   $  
        ]$ 

 &  $
&      


  &  
 

  

 &  $  
 
&$
 ^$$ 

     
   

   #  ^ % $ ^%$
 
       


     ^%$  &\ 
 "     67    

 ^ $ 7 ^$7     
 
    
    $$     
&$7  
     $& 
3. THE SMART-PHONE ATTACKS
  
  "   6$% 

     '      
^   $&    $ &

   
     
  $ $&$ -.0  & &  $ -50 

 
  "  " 
 6$ 
"   -/0 
 
 
3.1 Compromising Smart-Phones
%  
       
%      
   

  $&      %   
#
 &
 > %&>&>   
. LLKTZR VEPJ LOF WQLFEQFL# $ 
 

     &>    

 
    
 
 12 &!   .1/    144
!   ]     
    67     %8 
  % ' $   %8  -.90  
       \    






















 
   
   

         %&> 


         

$
1 WQVFTLBPQ VEPJ TPJNEPJBRFU  UDEBQC UKLK
         

   

R
QTOEPQBKLBPQ# $
  
 

   %    
   =  
!       

   %
   3  / 
 7&>  

 "
67   ! 
    " -3 ..0    
0



-@
 %      
" >$ 
      =       
 
   
 
     
! 67  %      
% " 
     

  "  '   !

# .
 =   

  1 



67    
     
    
   
  



  ! 
 $
&     ' 
   

  " 

   
 =
3  FFE RJKELMNOPQF KLLKTZ PE BQVFTLBPQ# > 























     


 



      
  
   

     6 > 
$
&     

  % 

" 6>    ^  ^
     
   

  
       
   $ 
    
         

      "    
  % ' 
  7  -./0  
 
  
     
   
   

3.2.2 Attack I: Base Station DoS

7
 
   "
 
  & $
 $ >6

 ) 
() -@0    
      
" 
  
%     $&     
    
     
 
 !      
   
         %
!    
     
 

        
    
       
   
'       
  
 
             
    
 $     

         
  
'  
       
     
% 
   
  "     
  "    '
  "
) * +
,)        
  "  %
     
 "    "     4 4 . 
% 
   " 
  
         "  
 %  "
     
 \ ^  -.0 #        
  
            


    

      

"
   %
 
   
    .2 .@      .2@3 \
      "   
   
 4 4 .   4 4 .     
  /
      31    
  /    31 \ ^    
 
         
  =     
   

  % 
     
  
 
    


 
    31   "

     .1 ?  .@  1/   


 "        .@/  23 @  

?   31   "    

     %      
  
  8 
!     
  
$ "      6$
 6$
          6$    
  %        .5. 
  $
   
      6$
"   
   
 

6/      >%  >6%  
     

    

 
     ' 
      
"    

3.2.3 Attack II: DDoS Attack to Call Centers

% "    

      
       
    
 %     
  
 $ "
   
$ "  
   
  


        
    %  "  
 
  
  7  " 
   "      
 
    
 !    
 "      "  
%   "    "  
  = " 
$ $ "      6$% 
         ^ 
7 >
 ^7> %   
 
 ^7>            
 
    "  $
  .. 144 . 

          

     !"  $    
 
 !      :
 
  
 $ "    

   '     8 
!
   "   9 ..   
  
      
   
 

3.2.4 Attack III: Spamming

>"  
 
 !   
8 "  "     $&$
   
      :   
 
 

   ?        
     $&$ 
  "  
  
 
 

3.2.5 Attack IV: Identity Theft and Spoofing

%
   
&$
   $
&   
'  
         
    " 

 
    
  

 $
&  -1.0   
 

    $
&      .24444
           
  &   "      
       
 

  
   ;   

 
  " 
   
       %  

       $
&   
           
'        

    "    


 
     "  
 
    
   "  
]
6  
     

!    
 
    

      
  

3.2.6 Attack V: Remote Wiretapping

> 
 !   
   
     ?    

 "   
  $ "     
    
    

?  
 =    
  
    
 =    
 
   =   
   

 
 
$     

  
   "  
   
  '    

4.

DEFENSE

    

 "   
#     
    
  ?
  ?   ? 
   
   
"           :  

       
 
  
  
     

     

4.1 Smart-Phone Hardening

6
       
  
 
   
   -.20      
           
         
     
      
 
 
     

         " 

    

    
#

LLKTZ RDEVKTF EFUDTLBPQH ] 
   
  "    
  % 
     

  67 -20  
      
 


 

 " '  "

 
        

   
     
     67  >   

           
  
    "   
 
 
  $&$     67
   

        

       

I OKEUFQBQCH $
 ]$   
     
  
     
7 
   
%      
  
 >6
  

    ]$

 "     
 ]$ 
   "   
         

  

KEUYKEF OKEUFQBQCH

          

    

   
    $
&   % $
& 
   
     $
& %"
$% ;  >6
   

 
 $
& $%     
   

       $
& 

      $&  ]
 

      $% 

 %7  % 6 &  %6& -.40 

    %   
  
    

4.2 Internet Side Protection

%       




  
    

  

    
    
  

    " =  -1/0

       
 
"      "  
 
    

 
 
      



  ; 
      

   
 7 8   

  
     "

  6$  7&>. 
     
 ' "  
  



        

 
   >    

      
  % " 
       
 
41.. 
 
 #  41..

    
    
=  
     
   

 
      
 "     " 
   %   
   

     " "
  
 
      
    
  
   "  
    
    
  "
 " 

4.3 Telecommunication Side Protection

%       

 
  

    %
"        
     
 
 " 
 =  = 
 
          
  $&$ =  %     =  
     %  
 "
     !   
   "#
. >  "         #
   "     
    4 4 .  >     "
           " 
$   
" 
   6$
 7&>
  "     
 
1 7    #
    

 
 :     
     
      
 "   " 
3  >    # $    
       
 =   =?

  
"       
  
 
&         
"      "    
         

      !   8 " $&$ 

   
   
 '  


 
         
   " 
     '
  
  !  

   "  ;
      "   
 
 "  >   "    
  '   
      
   %      
    "  
  
     
 
   
  
    
>     "    
     "    
> $     
 %
           
  

4.4 Cooperations between the Internet and Telecom Networks

$

  
   
 
  \    

  "    
    
  

  =   

   "     

 " 
    "     
   
   "  % 
"   
     
       
 
 
'
"           
"  "  
     

  


   " 
   
   '  

  "   
 !    

 
 >6 
 8 
 !     
 %  
$
&
      
  
>6 
 6$   
   
      41.." >6    
     >6   8   
 


   
 
? 
 >6   !    

        

  
        


    #
. $        

  
     
  

  
    


 $
&
 
 
  % 
   ' " 
  
      41.. 
1     
 ]$    $
&

 >6     
 

   ]$   $ / . %
     "  ' %
" ]$ 

      

   ]$    
   $ / .

5. DISCUSSIONS
5.1 Modem-Equipped or VoIP-Enabled PCs
& 

   ]
6  67  


    
    
  "    $ 3   
        67  

  67 

   
  
& 

 67       

"        ?  "  " 
       "   


 $ 3 1@  

  
6 
67    $
& ?    
" $ 3 12  
  >  
6 
67     
 
  
6
6$%   $
    
   "  
6  67  &
 
    "    

 67   



5.2 Interoperation breaks design assumptions


      

 
   
   " 
%
   "   
    %  "  

         

          
  " 
]    
      


    " 

   

             
        

   

>        
   !  
 
  > 
  
      " 
  
 
^ "     '  

# % "     


          
  ?  :    
  
!          
        
"    
  
 
    "      7
  "    $ 3 
 
  " 
  "  
  
  

 !  
  

 
"  !       

] "         
   
   " 

     "  %

   :         
    "  ^    
           
    
 $    
   
'  
' "  
        
  
     =  

  
         
  
   
  "  


 

   "     


"    
    "   

  "     
    
  
   
$  "  "      

      
  
 "  
'       
'        %  
 
   
    
     
  

6.

CONCLUSION

 


      
     
 
 "
          
   
     
          
           
         
 
       

   

  


7.

-.10
-.30
-./0
-.20
-.@0

-.50
-.0

ACKNOWLEDGEMENT

 " <  

    
 "  " ^   ^
 
 
  
     
   '   

    "
  


8.

-..0

REFERENCES

-.0
 >   >
   \ ^  \

7 ))
 
>  144 .
-10 > ^"   > ]
6 % " 
 (+ )+   )
) +
 1443 
-30  ^  $  %  >
6^
&%$ $ >  
,

   144 .
-/0
 7  
     6"
 $  $&  (+ )+
)
)+ ]  .995
-20 & 7
   $ %  
 6 $ 6" 1 $61

#  
 


1

  



1

-@0 & 7
   &  
$
  
#
 


-50 $
 7      &
>
   & &  $
 (+ )+   )
) +
 144/ 
-0     !      "  
    ] 

 !!

 #     
 

 , +
  
 
 ,)+)  + 
   )  + ,+     +    144/ 
-90 $ $&$  

#  
-.40 % 7
 
 %7 %6& $
'
 .1#   6
 

#
 
 

-.90

-140
-1.0
-110
-130
-1/0

-120

 "   6"  &"" % & 

 > %  7&>   >  3 

^   +, (+ )+  )

)+
>
 1441
6]
  % 
 

#

 

7   
 7  
7
  $  

 
 ,     1443 

"        
 144/ 

#"
"./9/9911@
^  
  7
 $   
   (  ,
 144/ 
 &    "  $ $ 


 $ > 

, +
  
   !   ,+  +
144 .
 6   ^ #     "
   (  , 
,
3 .13 1/#1/32 1/@3 .999 
 6  $  7" 6 =
   $
  %   $  & 
7 $ &  $ 
,) (+ )+ )
)+
 1444
7 6"  $   
   
  $ ^  &^ &

#


31599/".
&  ]   $& $ 
6 >  (+ )+
)
)+ >
 .993
%
$>>7  
 $& 7 

#   "   
&  $    
 " 
 , +
  # $%% $ 
     .999 
$
    ]$    

"  (  , 3@ @ 1443 

   7        $ 
 > <   $#  
" ' 
 "  

 
 ,   &(' >  144/ 
$  

  $  
  

 
#