標題: New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks
作者: Tu, Guan-Hua
Li, Chi-Yu
Peng, Chunyi
Li, Yuanjie
Lu, Songwu
交大名義發表
National Chiao Tung University
關鍵字: Mobile networks;LTE;IMS;SMS;attack;defense
公開日期: 2016
摘要: SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packet-switched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spoofing, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We finally propose remedies to the identified security issues.
URI: http://dx.doi.org/10.1145/2976749.2978393
http://hdl.handle.net/11536/136407
ISBN: 978-1-4503-4139-4
DOI: 10.1145/2976749.2978393
期刊: CCS'16: PROCEEDINGS OF THE 2016 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY
起始頁: 1118
結束頁: 1130
顯示於類別:會議論文