Feeds

Official: crackers have broken into GPRS billing

The over-billing attack

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Some time today, the GPRS world will reveal that it has a security vulnerability which has seen an undisclosed number of its customers ripped off. They've been trapped into connecting to malicious content servers, by hackers penetrating the billing system.

The first international phone company to admit that they have installed a solution - one offered by Check Point - will be the German phone provider, E-Plus.

The scam is called "the over-billing attack." It works quite simply because of a link from the Internet world - unregulated - to the normally tightly regulated GSM planet. "Network administrators face an exponential onslaught of attacks that to date have traditionally been confined to the world of wire line data," was the summary from Check Point.

There are lots of potential issues, but the one which has forced the phone networks to acknowledge that there is a problem, is a scam where a company obtains IP addresses that the GPRS operators own, in the "cellular pool" and start pinging those addresses.

When one of them responds, the scam operator knows that a user has been assigned the address. And, unbelievably, there was nothing to stop them simply providing services direct to that IP address - and taking the money out of the GPRS billing system to pay for it.

The network, typically, only found out about the attack weeks later, when the angry customer queried the service provided, and insisted that they had not signed up for it.

Getting the IP address list costs the crook no more than it takes to log onto the GPRS network with a data call, and getting assigned an address by a perfectly standard DHCP server inside the operator's network.

Check Point hasn't revealed specifics of how it blocks this attack, but the solution is based on its Firewall-1 software, which is already installed in most cellular networks.

"The problem could be fixed by changing the hardware," said a spokesman for Check Point. "But that would take a year to implement, and would require hardware changes in virtually every network operator's equipment. The alternative is to use the knowledge in the GPRS firewall to implement an action in the IP firewall."

The solution does require the operator to run Firewall-1 on its Internet equipment as well as its GPRS servers.

Once that is in place, Checkpoint has a single mnagement architecture for all its firewalls. "Our preferred solution is to write a rule that says: 'I have now closed this session on my GPRS side, so tell the IP firewall to look for any IP sessions with this IP address, and close them'," said a Check Point executive.

Check Point expects several other announcements from phone network operators in the coming weeks.

The problem isn't limited to GPRS. Any mobile network that is internally trusted - and that includes next-level technology like UMTS 3G networks - will face similar threats when linking its internal, trusting network to the free-for-all that is the Internet, and will have to adopt similar solutions, says Check Point.

"The vulnerability also applies between data networks. The GPRS Transfer Protocol, GTP, provides no security to protect the communications between GPRS networks," says the company in its sales blurbs. "So the GPRS/UMTS network is at risk, both from its own subscribers, and from its partner networks." Details from Check Point itself.

© NewsWireless.Net

Security for virtualized datacentres

More from The Register

next story
TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'
iPhones bent in Norwich? As if the place wasn't weird enough
Consumers agree to give up first-born child for free Wi-Fi – survey
This Herod network's ace – but crap reception in bullrushes
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Sea-Me-We 5 construction starts
New sub cable to go live 2016
New EU digi-commish struggles with concepts of net neutrality
Oettinger all about the infrastructure – but not big on substance
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.