Imagine what would happen if mobile networks were as open and vulnerable as the Internet is today…

19.01.07



• 80% of all received SMS (Short Message Service or text) and MMS (Multimedia Message Service, sending images and voice mobile to mobile in the same way as a text) messages would be spam
• Every month or so, your mobile phone could get infected by a virus, which wipes your address book clean (or starts calling people from your address book!); or by a worm which first sends itself to your contacts using MMS and then disables your phone.
• Occasionally you would be billed 100 Euros for premium services you didn’t order, but which turns out to be the result of some software you unknowingly downloaded to your handset bundled with a free game;
Before long, a Denial of Service (DoS) attack – launched from 50,000 infected handsets
simultaneously – would result in a partial network crash, meaning lost revenue for operators and
customers not renewing their subscription as a result.
• The workload at the mobile operator’s helpdesk and high-street shops would increase tenfold –
lots of customers complaining about unreachable destinations, crazy bills and malfunctioning handsets.

Is this a far-fetched scenario? All of these security breaches happen on the Internet already. And mobile networks are becoming more and more like the Internet – sharing both its advantages and disadvantages.

The first known outage of a mobile network was due to the Slammer/Sapphire worm in 2003, which spread in 15 minutes and led to (besides the shutdown of emergency services and thousands of cash machines) the loss of mobile service to 23 million users in Asia. And this attack was not even targeted at mobile networks…

Ups & Downs of Mobile Development

On the upside, the move from circuits (GSM today) to packets (3G and beyond) enables exciting new services such as multimedia messaging, high-speed web browsing, network-based games, streaming TV, etc. These appeal to consumers, and promise new revenue streams to operators to offset dwindling voice revenues. For businesses, the faster mobile links being deployed by operators can be used to provide remote access to branch offices (VPN), stream data from security cameras, and even serve as backup links for remote offices (ISDN replacement).

Mobile devices are also becoming ever smarter, doubling as cameras, MP3 players, TV screens, game consoles, GPS navigators, handheld computers, etc. Their operating systems (OS) are becoming more open, allowing third-party companies to develop applications that can be purchased and installed automatically through a web interface. This approach means the consumer can create a personalized service on his/her mobile phone.

But, on the downside, all these value-added services will only be taken up if they can be offered reliably. Sophisticated devices will only become popular if they can be protected from infections. And the first viruses and worms specifically aimed at mobile platforms have already been written. So far they are relatively harmless, but they won’t stay so for long. Hackers have had 20 years of practice on the Internet to hone their destructive skills!

The scenario played out above makes it clear that the role of security in mobile networks is crucial today, and will only become more so. Operators need to protect their networks from attacks, viruses, worms etc. But they also need to protect the handsets from becoming infected.
Security means not just installing firewalls and Intrusion Prevention Systems (IPS) throughout the network, but also designing the network as well as the services with security in mind (not as a panicked afterthought the first time a virus hits their customer base). It may also mean distributing smartphones with pre-installed security tools, and ensuring that these tools are kept up-to-date automatically. As consumers become more aware of the potential security threats faced by their mobile phone, they will become more discerning in their buying decisions (the car industry has already experienced this phenomenon, where the more secure, well-protected vehicles are the most popular.)

Now is the right time for a thorough investigation into mobile network and device security, and mobile operators are strongly recommended to work with expert vendors who really understand network security. Otherwise it will be only a matter of time before the first “mobile network brought down by attack” headlines are published…


The intellectual property in this article is ©2006 Juniper Networks Inc.
Contact: Gijs van Kersen, Mobile Marketing Manager, Juniper Networks EMEA, gijs@juniper.net