Feeds

Official: crackers have broken into GPRS billing

The over-billing attack

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Some time today, the GPRS world will reveal that it has a security vulnerability which has seen an undisclosed number of its customers ripped off. They've been trapped into connecting to malicious content servers, by hackers penetrating the billing system.

The first international phone company to admit that they have installed a solution - one offered by Check Point - will be the German phone provider, E-Plus.

The scam is called "the over-billing attack." It works quite simply because of a link from the Internet world - unregulated - to the normally tightly regulated GSM planet. "Network administrators face an exponential onslaught of attacks that to date have traditionally been confined to the world of wire line data," was the summary from Check Point.

There are lots of potential issues, but the one which has forced the phone networks to acknowledge that there is a problem, is a scam where a company obtains IP addresses that the GPRS operators own, in the "cellular pool" and start pinging those addresses.

When one of them responds, the scam operator knows that a user has been assigned the address. And, unbelievably, there was nothing to stop them simply providing services direct to that IP address - and taking the money out of the GPRS billing system to pay for it.

The network, typically, only found out about the attack weeks later, when the angry customer queried the service provided, and insisted that they had not signed up for it.

Getting the IP address list costs the crook no more than it takes to log onto the GPRS network with a data call, and getting assigned an address by a perfectly standard DHCP server inside the operator's network.

Check Point hasn't revealed specifics of how it blocks this attack, but the solution is based on its Firewall-1 software, which is already installed in most cellular networks.

"The problem could be fixed by changing the hardware," said a spokesman for Check Point. "But that would take a year to implement, and would require hardware changes in virtually every network operator's equipment. The alternative is to use the knowledge in the GPRS firewall to implement an action in the IP firewall."

The solution does require the operator to run Firewall-1 on its Internet equipment as well as its GPRS servers.

Once that is in place, Checkpoint has a single mnagement architecture for all its firewalls. "Our preferred solution is to write a rule that says: 'I have now closed this session on my GPRS side, so tell the IP firewall to look for any IP sessions with this IP address, and close them'," said a Check Point executive.

Check Point expects several other announcements from phone network operators in the coming weeks.

The problem isn't limited to GPRS. Any mobile network that is internally trusted - and that includes next-level technology like UMTS 3G networks - will face similar threats when linking its internal, trusting network to the free-for-all that is the Internet, and will have to adopt similar solutions, says Check Point.

"The vulnerability also applies between data networks. The GPRS Transfer Protocol, GTP, provides no security to protect the communications between GPRS networks," says the company in its sales blurbs. "So the GPRS/UMTS network is at risk, both from its own subscribers, and from its partner networks." Details from Check Point itself.

© NewsWireless.Net

Choosing a cloud hosting partner with confidence

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.