[IP] hackers have broken into GPRS billing
Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Thu, 02 Oct 2003 07:25:53 -0700
From: Dewayne Hendricks <dewayne@xxxxxxxxxxxxx>
[Note: This item comes from reader Claudio Gutiérrez. DLH]
At 9:35 -0400 10/2/03, Claudio Gutiérrez wrote:
From: Claudio Gutiérrez <gutierrezclaudio@xxxxxxxx>
To: <dewayne@xxxxxxxxxxxxx>
Subject: hackers have broken into GPRS billing
Date: Thu, 2 Oct 2003 09:35:01 -0400
Some time today (October 2th), the GPRS world will reveal that it has a
security vulnerability which has seen an undisclosed number of its
customers ripped off. They've been trapped into connecting to malicious
content servers, by hackers penetrating the billing system. The first
international phone company to admit that they have installed a solution -
one offered by Check Point - will be the German phone provider, E-Plus.
The scam is called "the over-billing attack." It works quite simply because
of a link from the Internet world - unregulated - to the normally tightly
regulated GSM planet. "Network administrators face an exponential onslaught
of attacks that to date have traditionally been confined to the world of
wire line data," was the summary from Check Point.
There are lots of potential issues, but the one which has forced the phone
networks to acknowledge that there is a problem, is a scam where a company
obtains IP addresses that the GPRS operators own, in the "cellular pool"
and start pinging those addresses. When one of them responds, the scam
operator knows that a user has been assigned the address. And,
unbelievably, there was nothing to stop them simply providing services
direct to that IP address - and taking the money out of the GPRS billing
system to pay for it. The network, typically, only found out about the
attack weeks later, when the angry customer queried the service provided,
and insisted that they had not signed up for it.
Getting the IP address list costs the crook no more than it takes to log
onto the GPRS network with a data call, and getting assigned an address by
a perfectly standard DHCP server inside the operator's network.
Check Point hasn't revealed specifics of how it blocks this attack, but the
solution is based on its Firewall-1 software, which is already installed in
most cellular networks. "The problem could be fixed by changing the
hardware," said a spokesman for Check Point. "But that would take a year to
implement, and would require hardware changes in virtually every network
operator's equipment. The alternative is to use the knowledge in the GPRS
firewall to implement an action in the IP firewall."
The solution does require the operator to run Firewall-1 on its Internet
equipment as well as its GPRS servers. Once that is in place, Checkpoint
has a single mnagement architecture for all its firewalls. "Our preferred
solution is to write a rule that says: 'I have now closed this session on
my GPRS side, so tell the IP firewall to look for any IP sessions with this
IP address, and close them'," said a Check Point executive. Check Point
expects several other announcements from phone network operators in the
coming weeks.
The problem isn't limited to GPRS. Any mobile network that is internally
trusted - and that includes next-level technology like UMTS 3G networks -
will face similar threats when linking its internal, trusting network to
the free-for-all that is the Internet, and will have to adopt similar
solutions, says Check Point. "The vulnerability also applies between data
networks. The GPRS Transfer Protocol, GTP, provides no security to protect
the communications between GPRS networks," says the company in its sales
blurbs. "So the GPRS/UMTS network is at risk, both from its own
subscribers, and from its partner networks." Details from Check Point itself
<http://www.newswireless.net/articles/031002-scam.html>
Archives at: <http://Wireless.Com/Dewayne-Net>
Weblog at: <http://weblog.warpspeed.com>
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/