Naresh Wadhwa
Issue: India 2011
Article no.: 4
Topic: 3G – controlling the threats
Author: Naresh Wadhwa
Title: President & Country Manager
Organisation: Cisco Systems

About author

Naresh Wadhwa is President and Country Manager of Cisco – India & SAARC region. Prior to his current role, Mr Wadhwa headed Cisco’s marketing organization for Asia Pacific based out of Hong Kong. Mr Wadhwa began his career at Cisco India as a Sales Manager responsible for Cisco’s Enterprise, Commercial and IT services business. Subsequently, Mr Wadhwa was given responsibility for the telecom business in India. Next, in Hong Kong, Mr Wadhwa held a variety of positions in Channels, Commercial Strategy and Operations for North Asia. Prior to Cisco, Mr Wadhwa worked with 3Com Asia Ltd and Wipro Infotech. Mr Wadhwa, an industry veteran, was ranked among India’s most influential technology leaders in 2008 by ‘Great CIO’, Asia’s largest Social Network of CIOs. Mr Wadhwa is an active member of several Trade Policy Committees such as the CII and ASSOCHAM. Naresh Wadhwa earned his Engineering in Electronics degree from Mumbai University.

Article abstract

Solutions exist that give operators ways to provide better service delivery and establish more granular control over the deployment of services. These solutions help identify subscribers, classify applications, guarantee service performance, provide information about IP services and guarantee network security for operator and user alike. Some are deployed at the network edge, where they let operators control network traffic and subscriber usage. This helps increase average revenue per user (ARPU), strengthen customer loyalty and guarantee the delivery of innovative data services.

Full Article

The era of third-generation (3G) mobile services has arrived in India and it will revolutionize the entire mobile application market. 3G will provide subscribers access to an ever-expanding array of high-bandwidth applications. 3G data services, unlimited high-quality mobile content, and audio and video streamed in a few seconds will give users a very rich experience. 3G gives mobile operators an opportunity to offer excellent content and services to subscribers, but the need for service differentiation is urgent.
Ironically, though, the launch of 3G services by private operators in India aroused controversy regarding 3G security issues; real-time interception of video calls is the highest-profile issue. If the issue cannot be resolved, operators might need to withdraw these services and this could substantially reduce their profitability.
The concerns regarding 3G security arise because the ‘always-on’ connections made possible by these networks expose subscribers and operators to a growing number of malicious threats. The biggest threat is from cybercriminals trying to steal data and make money. Cybercriminals steal consumers’ personal data to access and use their credit cards, bank accounts and the like. They access confidential business data and source code for vital company applications, and probe for strategic data – corporate espionage – that competitors can use. These threats are not new; they have existed for some time on the Internet. However, the ubiquity of mobile services combined with the ease of access makes high-speed mobile networks a fertile hunting ground. Today, smartphones are becoming more affordable and corporations are adopting ‘any device’ policies for corporate network access, which heightens security risks.

Why 3G networks are vulnerable

3G networks are vulnerable because mobile operators, acting as Internet service providers (ISPs), are opening up their formerly closed networks to numerous other operators, data networks and the public Internet, to offer a wider array of services and content to their subscribers. Enabled by 3G, a variety of device types – smart phones, PDAs, notebook computers and data-capable feature phones – provide anytime, anywhere access to data, so far more elements are susceptible to an attack.
Attackers use a variety of tools to penetrate mobile operator networks – e.g., ‘botnet’-based denial of service attacks, mobile malware, or attacks which exploit unprotected weaknesses in signalling protocols (SIP) or other protocols that are integral to many operators’ networks. Mobile malware can spread through multimedia messages (MMS) – over any distance. Since MMS can go to email addresses, it serves as a cross-platform carrier – spreading malware from a PC to a mobile device or vice versa, and affecting a mobile operator’s operations.
Attacks can originate either outside the mobile network (i.e. in the public Internet, private networks or other operators’ networks) or within the mobile network (i.e. from devices such as data-capable handsets and smart phones, notebook computers or even desktop computers connected to the 3G network). Cabir was a virus that originated inside the mobile network; this mobile virus was unleashed in Helsinki in 2005. The virus spread via file transfers and infected thousands of phones all over the world before being quarantined. The Slammer/Sapphire worm, though, originated outside the mobile network in 2003. Slammer/Sapphire destroyed 20 per cent of the global Internet traffic, shut down 13 thousand cash machines, delayed airline flights, and for a short period of time rendered emergency services in Washington useless.
With the arrival of 3G, operators are working to migrate their networks to the IP Multimedia Subsystem (IMS) architecture. IMS uses open, standard IP protocols to create communications links between various types of users. These connections can, and will, traverse multiple networks – the PSTN (public switched telephone network), the Internet, the mobile network, a cable network and/or a WiFi connection – each of which has unique vulnerabilities to different attacks.
With 3G, hackers can peep into mobile phones just as they do with computers, listen to phone calls, check messages and control data on the phone. Data can be vulnerable to theft and misuse if a mobile phone is misplaced or lost. Attacking data networks can defraud the mobile operator of airtime, render the network unusable for a period of time and help hackers acquire subscriber information to steal their identities or billing/credit card information. Hijacking a subscriber’s IP address and using it for the attacker’s own purpose generates bills to legitimate users for time and services they did not use.
In 2004, a leading USA mobile subscriber database was compromised when an attacker hacked into the network and viewed millions of users’ sensitive data (social security numbers, dates of birth, voicemail PINs, and passwords to email accounts). This not only hurt the service provider’s revenue and credibility, it also hurt millions of subscribers whose sensitive personal information was stolen or misused.
Another type of attack, overbilling, involves a malicious user hijacking a subscriber’s IP address and then using it to initiate fee-based downloads or using the connection for their own purpose. In either case, the legitimate user is billed for activity they did not authorize or use. Attacks targeted at subscribers can include ‘marketing harassment’, where an attacker uses text messaging or other cellular phone services to pester subscribers and generate extra charges for the subscriber. In 2006, more than 98,000 unsolicited short text messages were sent to wireless customers in the USA informing them that they had won a cruise and asking them to call and claim their prize. The attacker organization harassed subscribers with their messages, tainting the mobile service provider’s image in the bargain. Legal action was needed to stop further harassment.
Virus propagation across 3G networks is a major cause for concern. Mobile viruses degrade the overall user experience and operators must bear the support and network-management concerns that denial-of-service (DoS) attacks bring. A DoS attack on an operator’s network denies Internet service to the operator’s customers, overwhelms the available bandwidth with meaningless data traffic, and impairs subscribers’ ability to use their cell phones. DoS interruptions affect both the mobile operator (lost revenue) and the subscribers (no service).

Securing the 3G network

According to a study conducted by the iGR technical consulting firm, “the estimated total impact of a three hour network outage on a prepaid operator’s network is US $20.5 million.” This means there is a need for strong, multilayered security technology – both in today’s 3G world and tomorrow’s IMS environment. It is not just mobile networks – most networks are vulnerable. Building security means taking an architectural approach to implementing security solutions in the network. Corporations need to think about data security in terms of encryption and access control (VPNs, identity-based network access, strong passwords, etc.). Service Providers need to protect end users by using techniques such as spam filters, web-security and content filtering. Mobile operators must implement a layered defence for their network that concentrates, whenever possible, wireless data services into a smaller number of data centres to protect end users.
Mobile operators must deploy a variety of network safeguards such as firewalls, intrusion detection and prevention (IDP) and virtual private networks (VPNs). Operators should also make client-side anti-virus and firewall software readily available to their subscribers who use smart phones, notebooks and other susceptible devices, and the firewalls they deploy must be robust enough to handle the traffic flow. Intrusion detection and prevention (IDP) systems complement firewalls by rapidly detecting attacks within the traffic that flows into the network. Operators need to adopt security policies that reflect the threats they face in the 3G world. Given the widespread use of WiFi and the evolution towards IMS-based networks, they need to work with each other and the ISP community to vigorously protect traffic that flows between the networks.
To improve control over network and user activity, operators must enable networks to differentiate between services such as web browsing, music downloads, video streaming, VoIP, or P2P traffic and control the quality of individual services. As new 3G services proliferate, potentially beyond the mobile service provider’s control, operators must equip their networks with service control capabilities to analyze traffic usage, control bandwidth allocation between the various services, and secure the network from malicious traffic. Adding service control elements to mobile data networks can provide mobile operators with a rich set of tools to manage network traffic and to address both performance and service security concerns.
Solutions exist that give operators ways to create new paradigms for better service delivery and establish more granular control over the deployment of services. These solutions help identify subscribers, classify applications, guarantee service performance and provide information about IP services. Specifically built to be deployed at the network edge, they offer operators unparalleled control over network traffic and subscriber usage. This helps increase average revenue per user (ARPU), strengthen customer loyalty and guarantee the delivery of innovative data services.