So far, when one mentioned mobile security, it meant two possible security attack vectors. They were either attacks at the network perimeter – such as high-volume Denial of Service (DoS) attacks at the network level – or attacks at the critical-infrastructure level (RADIUS, Diameter, LDAP servers, etc.) – which means targeted DNS or HTTP traffic attacks. Well, the mobile security landscape is now changing, introducing a new attack vector – mobile clients!
With the recent advancements of both 3G mobile networks and smart-phones (read: iPhone/Android devices), any mobile user has mobile broadband connectivity and enjoys an open OS with many downloadable applications – that can be also mobile attack tools. The combination of these presents a new reality; a reality in which virtually any mobile user can become a potential attacker! The result – as you can guess by now – mobile operators are increasingly getting concerned about that.
Probably the most interesting fact to point out is that this new breed of mobile attacks is omni-directional, i.e. mobile to network, network to mobile (often initially triggered by a mobile attacker) as well as mobile to mobile (M2M). M2M attacks are the trickiest; as the mobile attacker will exploit the mobile core network resources and use its services (SMS, MMS, sending data, etc.) to attack other clients on its network. The impact of hand-held mobile device as a source or destination for attacks may vary from just annoying battery draining attacks to network paging overflow attacks, resulting in network disruption. But they can also include a complete mobile network breakdown. This could definitely make one quite nervous, huh?
From the mobile operator angle, it is essential to deploy the full means of protection against such multi-vector attacks, by utilizing a security attack mitigation solution that will defend not only the mobile network, but also its clients at the perimeter, critical infrastructure level and mobile device layers. Specifically, it is cruicial to detect on-the-fly “mis-behaving users” that can potentially become concrete attackers.
So next time your iPhone battery starts to drain too quickly, unless you downloaded some battery-intensive application (which is a totally different probelm…) – your mobile device might just be under attack!
Until next time,