New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks
| Title | New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Tu, Guan-Hua, Li, Chi-Yu, Peng, Chunyi, Li, Yuanjie, Lu, Songwu |
| Conference Name | Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4139-4 |
| Keywords | Attack, composability, defense, IMs, LTE, Metrics, mobile networks, network accountability, pubcrawl, Resiliency, SMS, spam detection, threat mitigation |
| Abstract | SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packet-switched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spoofing, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We finally propose remedies to the identified security issues. |
| URL | http://doi.acm.org/10.1145/2976749.2978393 |
| DOI | 10.1145/2976749.2978393 |
| Citation Key | tu_new_2016 |