Added: September 11, 2007

NEW THREATS ON MOBILE ENVIRONMENT IN KOREA

KYU-BEOM HWANG (hwangkb@ahnlab.com) AND DEOK-YOUNG JUNG (human@ahnlab.com)


AGENDA

- KOREAN MOBILE ENVIRONMENT
- TYPE OF PROBLEMS
- WHAT IS THE PROBLEM?
- EXPECTED FORM OF ATTACK
- COUNTER MEASURES
- CONCLUSIONS


KOREAN MOBILE ENVIRONMENT

- USED BY AROUND 81% (39.4 MILLION) AS OF SEPTEMBER 2005
- SERVICED BY SK TELECOM, KT FREETEL, LG TELECOM
- GAMES AND MOVIE CLIPS ON THE MOBILE PHONE HAVE BECOME POPULAR

[Chart: Number of mobile phone users]


KOREAN MOBILE ENVIRONMENT

- MORE THAN JUST FOR TELEPHONE
  - Digital Entertainment
    - Digital Mobile Broadcasting
    - MP3 Player
    - Movie Player
    - Digital Camera
    - Mobile Game Device (3D Support)
  - PIM
    - Contacts
    - Calendar
  - WAP Browsing / Web Browsing
  - File Storage / Exchange
  - And more…

[Image: Satellite DMB (Digital Multimedia Broadcasting)]


KOREAN MOBILE ENVIRONMENT

- SMS HAS BECOME MORE POPULAR THAN VOICE
- GETTING INFORMATION VIA MOBILE PHONE, e.g.
  - Car navigation systems
  - Bus tracking, etc.
- EXCHANGING MASSIVE DATA WITH A PC
  - MP3
  - Games
  - Movie clips
  - Pictures
- USING USB CABLE TO CONNECT TO PC
  - Provide the modem driver for mobile phone
  - Provide the software, i.e.
    - Exchange data
    - Edit phone numbers


CAUSES OF THE PROBLEM

- EBOOKMAKER
- QPST
- BITPIM
- PHONEMANAGER


CAUSES OF THE PROBLEMS

- TOOLS USED BY UNTHINKING USERS
  - Many communities which share tools and information
  - Causes error on the phone
- USING QPST, BITPIM TO EXCHANGE COMMERCIAL DATA WITHOUT PERMISSION
  - To copy disallowed contents
    - Commercial contents (e.g. games)
    - Movie clips
    - E-Books
    - Any other files
  - To analyze unauthorized data on mobile phones


CAUSES OF THE PROBLEMS

- ACCESSING FILES ON EFS
  - Deleting system files, i.e. the mobile phone could be out of service
  - Copying too many files: short of memory resulting in error
- REVEALED DOCUMENT ABOUT EXTERNAL INTERFACE OF MOBILE PHONE LEADING TO
  - Unwanted, unnoticed dialing (i.e. international calls)
  - Sending junk messages (by SMS)
  - Simulating user actions


WHAT IS THE PROBLEM?

- COMPLEX FIRMWARE
  - More functions
  - High complexity
  - Large size
- DOWNLOADING FIRMWARE
  - Downloading the firmware via internet
  - Problem can happen on the mobile phone
    - By wrong firmware
    - By incomplete downloads
- DISCLOSED IMPORTANT INFORMATION
  - SPC (System Programming Code) number, i.e. the setting of a mobile phone can be changed
  - ESN (Electronic Serial Number): can clone phone


CLONED MOBILE PHONES

- 4718 cloned mobile phones confiscated between Jan and Aug 2005


CLONED MOBILE PHONES

- Explosive increase of cloned mobile phones this year


CLONED MOBILE PHONES

- Article about illegal electronic payment by cloned phone using stolen ESN codes


CLONED MOBILE PHONES

- The Korean government intends to prevent cloning of phones by rewarding citizens


WHAT IS THE PROBLEM?

- EASY ACCESS TO PHONE CLONING


WHAT IS THE PROBLEM?

- Tools for cloning phones


WHAT IS THE PROBLEM?

- Tools for accessing system files


WHAT IS THE PROBLEM?

- Tools for uploading contents


WHAT IS THE PROBLEM?

- Information and tools are exposed to the Internet


EXPECTED TYPE OF ATTACKS

- CHANGING SERVICE SETTING INFORMATION
- DELETING, MODIFYING FILES ON EFS
- UPLOADING UNWANTED CONTENTS, i.e.
  - Obscene games, pictures, movie clips
  - Replacing contents
  - Spam advertising
- UNNOTICED DIALING (e.g. international calls)
- UNNOTICED SENDING OF JUNK MESSAGES via SMS
- DELETING, DISCLOSING INFORMATION, e.g.
  - Silent unnoticed retrieval of information to PC, e.g. the telephone number, email, ESN
  - Silent unnoticed changing of phone numbers




COUNTER MEASURES

- PROTECTING CONTENTS WITH DRM, but still:
  - Attempts to use time limited MP3s
  - Attempts to use commercial contents
- PREVENTION OF USING CLONED PHONE
  - The new mobile phone with another authentication in addition to ESN and MIN
  - But the mobile phones produced before Aug 2004 still have a problem
- PHONE MANUFACTURERS
  - Patching firmware to disallow tools in use
  - Different ways to encrypt data for each manufacturer’s phone
  - Repairing the phone only at service centers
  - Additional tracking services of mobile phone connection to Service PIN Numbers
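The deck's cloning argument (a disclosed ESN is enough to clone a phone; newer phones add an authentication step beyond ESN and MIN) can be shown with a small model of both admission checks. This is an added example, not part of the presentation: the HMAC-SHA256 challenge-response, the key store and every identifier are assumptions standing in for whatever mechanism the carriers actually deployed.

```python
import hashlib
import hmac
import secrets

# Constructed sample subscriber record; MIN, ESN and key are made up.
# Maps (MIN, ESN) -> per-handset secret provisioned by the carrier.
SUBSCRIBERS = {
    ("0123456789", "A1B2C3D4"): bytes.fromhex("00112233445566778899aabbccddeeff"),
}


class Handset:
    def __init__(self, min_, esn, key=None):
        self.min, self.esn, self.key = min_, esn, key

    def respond(self, challenge):
        # A handset that only carries copied ESN/MIN has no key and can only guess.
        key = self.key if self.key is not None else secrets.token_bytes(16)
        return hmac.new(key, challenge + self.esn.encode(), hashlib.sha256).digest()


def admit_identifiers_only(handset):
    """Older check: any device presenting a known MIN/ESN pair is accepted."""
    return (handset.min, handset.esn) in SUBSCRIBERS


def admit_with_challenge(handset):
    """Identifier lookup plus a fresh challenge answered with the secret key."""
    key = SUBSCRIBERS.get((handset.min, handset.esn))
    if key is None:
        return False
    challenge = secrets.token_bytes(16)  # fresh per attempt, so replies cannot be replayed
    expected = hmac.new(key, challenge + handset.esn.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, handset.respond(challenge))


def demo():
    (min_, esn), key = next(iter(SUBSCRIBERS.items()))
    genuine = Handset(min_, esn, key)
    clone = Handset(min_, esn)  # same MIN/ESN, but no provisioned key
    return {
        "identifiers_only": (admit_identifiers_only(genuine), admit_identifiers_only(clone)),
        "challenge": (admit_with_challenge(genuine), admit_with_challenge(clone)),
    }


if __name__ == "__main__":
    print(demo())
```

Under the identifier-only check both devices are admitted; with the challenge step only the handset holding the provisioned key passes, which is why the slide singles out phones produced before the additional authentication was introduced.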


COUNTER MEASURES

- MALICIOUS ATTACKS
  - The malicious code itself is hard to spread on CDMA environment
  - The attack so far is possible, but it needs a lot of conditions
  - The possibility can be higher if a user still misbehaves
- MEASURES TO FIGHT THE EXPECTED PC MALICIOUS CODE
  - Disabling dialing and sending SMS without user’s consent
  - Disabling sending system files such as ESN through serial port, USB
- MEASURES TO FIGHT THE EXPECTED MOBILE CODE
  - Disabling unwanted payment on games without user’s consent


CONCLUSIONS

- MOBILE ENVIRONMENT IN KOREA IS RAPIDLY CHANGING
  - The threats so far are partially under control, but more development is needed
  - Threats will increase as there are more services
- TO GET RID OF CURRENT THREATS, MUST UPDATE FIRMWARE
  - The damage could be extensive if the problems happen
  - Mobiles connected to PCs realistically have low possibility of attacks
  - It’s difficult to spread around
- USERS, SERVICE PROVIDERS AND PHONE MANUFACTURERS HAVE TO THINK TOGETHER ABOUT THREATS AND COUNTERMEASURES