Feeds

Official: crackers have broken into GPRS billing

The over-billing attack

  • alert
  • submit to reddit

Best practices for enterprise data

Some time today, the GPRS world will reveal that it has a security vulnerability which has seen an undisclosed number of its customers ripped off. They've been trapped into connecting to malicious content servers, by hackers penetrating the billing system.

The first international phone company to admit that they have installed a solution - one offered by Check Point - will be the German phone provider, E-Plus.

The scam is called "the over-billing attack." It works quite simply because of a link from the Internet world - unregulated - to the normally tightly regulated GSM planet. "Network administrators face an exponential onslaught of attacks that to date have traditionally been confined to the world of wire line data," was the summary from Check Point.

There are lots of potential issues, but the one which has forced the phone networks to acknowledge that there is a problem, is a scam where a company obtains IP addresses that the GPRS operators own, in the "cellular pool" and start pinging those addresses.

When one of them responds, the scam operator knows that a user has been assigned the address. And, unbelievably, there was nothing to stop them simply providing services direct to that IP address - and taking the money out of the GPRS billing system to pay for it.

The network, typically, only found out about the attack weeks later, when the angry customer queried the service provided, and insisted that they had not signed up for it.

Getting the IP address list costs the crook no more than it takes to log onto the GPRS network with a data call, and getting assigned an address by a perfectly standard DHCP server inside the operator's network.

Check Point hasn't revealed specifics of how it blocks this attack, but the solution is based on its Firewall-1 software, which is already installed in most cellular networks.

"The problem could be fixed by changing the hardware," said a spokesman for Check Point. "But that would take a year to implement, and would require hardware changes in virtually every network operator's equipment. The alternative is to use the knowledge in the GPRS firewall to implement an action in the IP firewall."

The solution does require the operator to run Firewall-1 on its Internet equipment as well as its GPRS servers.

Once that is in place, Checkpoint has a single mnagement architecture for all its firewalls. "Our preferred solution is to write a rule that says: 'I have now closed this session on my GPRS side, so tell the IP firewall to look for any IP sessions with this IP address, and close them'," said a Check Point executive.

Check Point expects several other announcements from phone network operators in the coming weeks.

The problem isn't limited to GPRS. Any mobile network that is internally trusted - and that includes next-level technology like UMTS 3G networks - will face similar threats when linking its internal, trusting network to the free-for-all that is the Internet, and will have to adopt similar solutions, says Check Point.

"The vulnerability also applies between data networks. The GPRS Transfer Protocol, GTP, provides no security to protect the communications between GPRS networks," says the company in its sales blurbs. "So the GPRS/UMTS network is at risk, both from its own subscribers, and from its partner networks." Details from Check Point itself.

© NewsWireless.Net

Recommendations for simplifying OS migration

More from The Register

next story
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Speak your brains on SIGNAL-FREE mobile comms
Readers chat to the pair who flog the tech
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?