Cell Carriers Security Vulnerable

Wednesday, May 23, 2012 @ 11:05 AM gHale

There is a vulnerability in the network of at least 48 cellular carriers that allows attackers to surreptitiously hijack the Internet connections of smartphone users and inject malicious content into the traffic passing between them and trusted websites.

The attack, which doesn’t require an adversary to have any man-in-the-middle capability over the network, can go to work loading unencrypted Facebook and Twitter pages with code that causes victims to take unintended actions, such as post messages or follow new users.


It can also direct people to fraudulent banking websites and inject fraudulent messages into chat sessions in some Windows Live Messenger apps.

The vulnerability stems from a class of firewalls cellular carriers use. While intended to make the networks safer, these firewall middleboxes let attackers infer the TCP sequence numbers carried in each data packet, a disclosure that lets them tamper with Internet connections.

“The TCP sequence number inference attack opens up a whole new set of attack venues,” researchers from the University of Michigan’s Computer Science and Engineering Department wrote in a research paper. “It breaks the common assumption that communication is relatively safe on encrypted/protected WiFi or cellular networks that encrypt the wireless traffic. In fact, since our attack does not rely on sniffing traffic, it works regardless of the access technology as long as no application-layer protection is enabled.”
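The researchers' condition that the attack works "as long as no application-layer protection is enabled" gives a defender a concrete check: which of the hosts an app talks to are reached over plain HTTP, since link-layer encryption (WPA2 Wi-Fi or the cellular air interface) does not count, only the URL scheme does. The audit below is an added example, not code from the article or from the Michigan paper; it assumes a capture tool has exported one "METHOD URL" request line per entry, and the sample export, host names and CONNECT handling are constructed for illustration.

```python
"""Audit a captured request list for cleartext HTTP endpoints (added example)."""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample export from an on-device capture tool: "METHOD URL" per line.
SAMPLE_REQUESTS = [
    "GET http://m.social.example/feed",
    "POST http://m.social.example/status/update",
    "GET https://api.bank.example/accounts",
    "GET HTTP://ads.adnet.example/serve?slot=3",        # scheme in upper case
    "GET http://quotes.stocks.example:8443/ticker",     # port 8443 but still plain HTTP
    "GET https://api.bank.example/transfer",
    "CONNECT chat.im.example:1863",                     # raw TCP tunnel, not HTTP
    "",                                                  # blank line in the export
]

CLEARTEXT, ENCRYPTED, UNKNOWN = "cleartext", "encrypted", "unknown"


def classify_request(line):
    """Return (host, class) for one exported line, or None for blank/garbage lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        # CONNECT carries host:port with no scheme; what flows inside is unknown here.
        return target.split(":")[0].lower(), UNKNOWN
    url = urlsplit(target)
    if not url.hostname:
        return None
    scheme = url.scheme.lower()
    if scheme == "http":
        return url.hostname.lower(), CLEARTEXT
    if scheme == "https":
        return url.hostname.lower(), ENCRYPTED
    return url.hostname.lower(), UNKNOWN


def cleartext_hosts(lines):
    """Count cleartext requests per host; these endpoints are exposed to injection."""
    counts = Counter()
    for line in lines:
        result = classify_request(line)
        if result and result[1] == CLEARTEXT:
            counts[result[0]] += 1
    return dict(counts)


def exposure_summary(lines):
    """Totals per class, so a reviewer sees what fraction of traffic is protected."""
    totals = Counter()
    for line in lines:
        result = classify_request(line)
        if result:
            totals[result[1]] += 1
    return dict(totals)


if __name__ == "__main__":
    for host, n in sorted(cleartext_hosts(SAMPLE_REQUESTS).items()):
        print(f"cleartext: {host} ({n} request(s))")
    print(exposure_summary(SAMPLE_REQUESTS))
```

Every host listed by `cleartext_hosts` is one where an off-path attacker who can infer sequence numbers could inject content into the app's pages; moving those endpoints to HTTPS, which is the application-layer protection the researchers refer to, removes them from the list. CONNECT tunnels are reported as unknown rather than silently counted as safe, because the export does not show what protocol runs inside them.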

The researchers tested their attack on Android-powered smartphones manufactured by HTC, Samsung, and Motorola.

When the devices connected to a “nation-wide carrier” that used sequence number-checking, the researchers were able to hijack connections to online services including Facebook, Twitter, Windows Live Messenger, and the AdMob advertising network.

They could also spoof traffic from four unidentified banks and an unnamed Android app that gives real-time stock quotes. Zhiyun Qian, a recent PhD recipient and one of the coauthors of the paper, said the attack will also work against computers connected to networks using cellular cards or smartphone tethers. He said he believes Apple’s iOS devices can also be exploited.

The paper reports that, of 150 carriers tested worldwide, 48 used firewalls that allowed the researchers to deduce the TCP sequence numbers needed to hijack end-user connections.
