
Mobile security: SMS and WAP

  • Job de Haas


Overview

  • Mobile security

  • What are GSM, SMS and WAP?

  • SMS in detail

  • Security and SMS?

  • Security and WAP?

  • What can we expect?



What is this talk not about

  • Not about the underlying wireless technologies GSM, CDMA, TDMA

  • Not from a GSM/SMS/WAP implementer's point of view.

  • Not about actual exploits and demonstrations of them.



What is this talk about?

  • General perspective on security of mobile applications like SMS and WAP.

  • From an external point of view, based on ~10 years of experience in breaking systems and applications.

  • Identifying potential problems now and in the near future.



Who is this talk for?

  • People asked to evaluate security of SMS and WAP applications.

  • People who want to do research into SMS and WAP security.

  • People familiar with computer and Internet security but not with SMS and WAP.



Mobile Security

  • General issues:

    • A good user interface is paramount for security, but mobile UIs are very poor.
    • Standards tend to omit security except for encryption (and some authentication).
    • Creating yet another general-purpose platform, with the associated risks.


What are GSM, SMS and WAP

  • Cell phone technologies: GSM, TDMA, CDMA, …

  • Short Messaging Service: SMS

    • Paging style messages.
  • Wireless Application Protocol: WAP

    • ‘Mobile’ Internet: a simplified HTTP/HTML protocol for small devices.


Standards

  • GSM-specific standards: GSM xx.xx

  • ETSI Special Mobile Group (SMG)

    • new numbering scheme.
  • 3GPP (move towards UMTS)

  • WAP Forum: WAP-related standards, WAP 1.1 / WAP 1.2



SMS

  • SMS Description

  • SMS Format

  • Short Messaging Service Centre (SMSC) Protocols

  • SMS Features: Smart SMS, OTA, Flash SMS



What is SMS?

  • Store-and-forward messaging (PP: point-to-point, CB: cell broadcast)

  • Delivered through SS7 signalling

  • 140 bytes of data (160 7-bit characters)

  • From anything that interfaces to an SMSC:

    • Cell phone, GSM modem, PC dial-in, X.25 …
  • Specifications at: http://www.etsi.org
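The 140-bytes / 160-characters figure above comes from the GSM 7-bit default alphabet packing. The packer and unpacker below are an added example, not code from the talk; they assume only characters whose GSM alphabet code equals their ASCII code, so a full alphabet table is not needed.

```python
# Added example, not from the talk: GSM 03.38 7-bit packing, which is how 160
# characters fit into the 140-byte TP-User-Data field (160 * 7 = 1120 bits =
# 140 bytes). Assumption: only characters whose GSM default-alphabet code equals
# their ASCII code are used, so ord() can stand in for a full alphabet table.

def pack_7bit(text: str) -> bytes:
    """Pack one septet per character into octets, low bits first."""
    bits = 0       # accumulated bit buffer, newest septet in the high bits
    nbits = 0      # number of valid bits in the buffer
    out = bytearray()
    for ch in text:
        bits |= (ord(ch) & 0x7F) << nbits
        nbits += 7
        while nbits >= 8:
            out.append(bits & 0xFF)
            bits >>= 8
            nbits -= 8
    if nbits:                      # final partial octet, zero-padded
        out.append(bits & 0xFF)
    return bytes(out)

def unpack_7bit(data: bytes, septets: int) -> str:
    """Unpack `septets` characters. The count must come from the PDU's TP-UDL,
    not from len(data): seven trailing zero bits look exactly like '@' (0x00)."""
    if septets * 7 > len(data) * 8:
        raise ValueError(f"TP-UDL {septets} needs more than {len(data)} bytes")
    bits = int.from_bytes(data, "little")
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(septets))

def septet_capacity(octets: int) -> int:
    """How many 7-bit characters fit in a user data field of `octets` bytes."""
    return (octets * 8) // 7

# Constructed sample: 160 'A's pack into exactly 140 bytes and round-trip.
SAMPLE = "A" * 160
```

A decoder that trusts TP-UDL without the bounds check in `unpack_7bit` reads past the user data it actually received.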



SMS network elements



SMS data format

  • Abbreviations: SC = Service Centre (SMSC), MS = Mobile Station (the phone)

  • Basic types:

    • SMS-DELIVER (SC → MS)
    • SMS-DELIVER-REPORT (SC ← MS)
    • SMS-SUBMIT (MS → SC)
    • SMS-SUBMIT-REPORT (MS ← SC)
    • SMS-COMMAND (MS → SC)
    • SMS-STATUS-REQUEST (MS ← SC)


SMS-SUBMIT



SMS-DELIVER



User Data Header



User Data Header Elements



Smart SMS/OTA

  • Joined Ericsson/Nokia spec

  • Allow sending of ‘smart’ information:

    • Ringtones
    • Logos
    • vCard/vCal (business cards)
    • Configuration information (WAP)
  • Based on the UDH with application-specific port numbers.



Short Message Service Centre

  • The SMSC plays a central role in the delivery and routing of the SMS.

  • Every vendor has its own protocol to talk to the SMSC:

    • CMG – EMI/UCP
    • Nokia – CIMD
    • Sema – SMS2000
    • Logica – SMPP


SIM Toolkit

  • Subscriber Identity Module (SIM): the smartcard in the phone

  • An API for communication between the phone and the SIM

  • Partly an API for remote management of the SIM through SMS messages.



SIM Toolkit Risks

  • Mistakes in the SIM can become remote risks.

  • For example, insufficient protection in the SIM might allow retrieval of personal information.



SMS Threats

  • SMS Spam

  • SMS Spoofing

  • SMS Virus



SMS Spam

  • Getting to be like UCE (unsolicited commercial e-mail)

  • High charge call scams (“call me at xxx-VERYEXPENSIVE”)

  • All public SMS gateways and websites become victims.

  • Spammers buy bulk services from operators



SMS Spoofing

  • The source address of an SMS message is worth nothing.

  • Users' roaming capabilities make it impossible for operators to filter.

  • The only chance is for messages that stay within one SMSC/operator.

  • Intercepting replies to another address is difficult.

  • Special case: Rogue SMSC using the Reply-Path indicator could intercept replies.



SMS spoof demo

  • Modified sms_client

  • Uses EMI/UCP OT-51 message

  • Works on KPN, but also several foreign SMSCs

  • The difference from a real mobile SMS is visible with a PC.



SMS Virus

  • Scenario: the SMS is interpreted by the phone and resends itself to all phone numbers in the phonebook, and …

  • Likelihood:

    • Pro: some vendors have big market shares: monoculture.
    • Pro: phones will get more and more interpreting features.
    • Con: zillions of versions of phones and software.


SMS Phone crash demo

  • Modified sms_client: break the User Data Header.

  • Has been tested on both UCP and OIS, but should work on anything that allows specification of UDH.

  • Cause: broken software in the phone

  • Seen on 6210, 3310, 3330
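The User Data Header is what the Smart SMS port numbers ride on and what the crash demo above breaks. Below is an added example, not the talk's sms_client or any vendor code: a strict UDH parser that checks every length field against the bytes actually present, so an inconsistent header is dropped rather than read past its end. IEI 0x04/0x05 are the GSM 03.40 application port addressing elements; the ringtone port and payload bytes are constructed sample values.

```python
# Added example, not from the talk: strict parser for the SMS User Data Header
# (GSM 03.40, present when TP-UDHI is set). Layout: UDHL, then information
# elements of IEI, IEDL, IED. IEI 0x04/0x05 = application port addressing
# (8-/16-bit), the mechanism Smart SMS/OTA rides on. Every length is checked
# against the bytes present, so an inconsistent UDHL or IEDL is rejected.

def parse_udh(user_data: bytes) -> tuple[dict, bytes]:
    """Return (information elements, payload after the header) or raise ValueError."""
    if not user_data:
        raise ValueError("empty user data")
    udhl = user_data[0]
    if 1 + udhl > len(user_data):
        raise ValueError(f"UDHL {udhl} exceeds user data ({len(user_data) - 1} bytes)")
    header, payload = user_data[1:1 + udhl], user_data[1 + udhl:]
    ies: dict = {}
    pos = 0
    while pos < len(header):
        if pos + 2 > len(header):
            raise ValueError(f"truncated IE at header offset {pos}")
        iei, iedl = header[pos], header[pos + 1]
        ied = header[pos + 2:pos + 2 + iedl]
        if len(ied) != iedl:
            raise ValueError(f"IE 0x{iei:02x} claims {iedl} bytes, {len(ied)} present")
        pos += 2 + iedl
        if iei == 0x04:
            if iedl != 2:
                raise ValueError("8-bit port IE must carry exactly 2 bytes")
            ies["ports"] = (ied[0], ied[1])                # (destination, source)
        elif iei == 0x05:
            if iedl != 4:
                raise ValueError("16-bit port IE must carry exactly 4 bytes")
            ies["ports"] = (int.from_bytes(ied[:2], "big"), int.from_bytes(ied[2:], "big"))
        else:
            ies.setdefault("unknown", []).append(iei)     # unknown IEIs: skip, don't fail
    return ies, payload

def is_malformed(user_data: bytes) -> bool:
    """True when the header fails the checks above (a phone should drop it, not crash)."""
    try:
        parse_udh(user_data)
        return False
    except ValueError:
        return True

# Constructed samples: 16-bit port IE for port 5505 (Nokia ringtone port) plus a
# few payload bytes, and the same header with an IEDL larger than the UDHL allows.
RINGTONE_UD = bytes.fromhex("06 05 04 15 81 00 00") + b"\x02\x4a\x3a"
BROKEN_UD = bytes.fromhex("06 05 09 15 81 00 00") + b"\x02\x4a\x3a"
```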



SMS summary

  • SMS is much more than just some text.

  • Sophisticated features are bound to open up holes (virus).

  • SMS is very suited to bulk applications (like e-mail).

  • Trustworthiness is as bad as, or worse than, standard e-mail.



WAP



What is WAP?

  • HTTP/HTML adjusted to small devices

  • Consists of a network architecture, a protocol stack and a Wireless Markup Language (WML)

  • The important difference from the traditional Internet model is the WAP gateway.

  • Specifications at http://www.wapforum.org



WAP network model



WAP Protocol Stack




WAP Transport Layer WDP

  • An adaptation layer to the bearer protocol.

  • Consists of:

    • Source and destination address and port.
    • Optional fragmentation
    • WCMP (Wireless Control Message Protocol)
  • Maps to UDP for an IP bearer




WAP Security Layer WTLS

  • TLS adapted to the UDP-style usage by WAP.

  • Encryption and authentication.

  • Several problems identified by Markku-Juhani Saarinen:

    • Weak MAC
    • RSA PKCS#1 v1.5
    • Unauthenticated alert messages
    • Plaintext leaks


WTLS

  • Keys generally placed in normal phone storage.

  • New standards emerging (WAP Identity Module [WIM]) for the use of tamper-resistant devices.

  • Aside from crypto problems:

    • User interface attacks likely (remember the SSL problems)
    • WTLS terminates at the WAP gateway; MITM attacks possible.



WAP Transaction layer WTP

  • Three classes of transactions:

  • Does the minimum a protocol must do to create reliability.

  • No security elements at this layer.

  • Protocol not resistant to malicious attacks.



WTP




WAP Session Layer WSP

  • Meant to mimic the HTTP protocol.

  • No mention of security in spec except for WTLS.

  • Distinguishes a connected and a connectionless mode.

  • Connected mode is based on a SessionID given by the server.



WAP Session layer WSP

  • Message types

    • Connect, ConnectReply, Redirect, Disconnect
    • Methods: Get, Post, Reply
    • Suspend, Resume, Reply
    • Push, ConfirmedPush


WAP Session layer WSP

  • Nothing is specified for the SessionID except that it is not reused within the lifetime of a message.

  • Research done by PROTOS (Oulu, Finland) shows the first implementations are pretty unstable.

  • Kannel still can’t handle large numbers of connections (max threads).




WAP Application Layer WAE



WML

  • WML is based on XML and HTML.

  • Not pages with frames, but decks with cards.

  • Images: WBMP, a WAP-specific format

  • Generally all compiled to binary by the WAP gateway: an additional area of potential problems.



WMLScript

  • The WAP equivalent of JavaScript.

  • Located in separate files

  • Also compiled by the WAP gateway

  • Allows automation of WML and phone functions.

  • JavaScript bugs all over again?



General WAP problems seen

  • Poor session support: no or limited cookie support → session info encoded in the URL (not always safe).

  • User identification based on a WAP gateway hack with caller ID.



WAP Infrastructure issues



WAP gateway infra



Collusion attack



Attack on phone



WAP 1.2

  • Push

    • Model using a Push proxy gateway
    • Dangers of user confirmation.
  • Wireless Telephony Application Interface (WTA & WTAI)

    • Access to phone functions
    • ‘Automatic’ invocation of functions from WML/WMLScript
  • WAP Identity Module (WIM)



WAP Push



WAP summary

  • WAP mixes too many levels.

  • Specs are unclear in many areas concerning security-sensitive issues.

  • The WAP gateway is sensitive to multiple kinds of attack.

  • User interface interpretation is very difficult on mobile devices.



Future

  • Combining smartcard and WTLS security; end-to-end SSL

  • Increased number of features (interpretation + automation)

  • Terrible UI

  • Version explosion: phones, gateways, WAP/WML.


