Visible to the public Biblio

Filters: Author is Lu, Songwu  [Clear All Filters]
2017-09-05
Tu, Guan-Hua, Li, Chi-Yu, Peng, Chunyi, Li, Yuanjie, Lu, Songwu.  2016.  New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1118–1130.

SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packet-switched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spoofing, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We finally propose remedies to the identified security issues.