How Secure is Your Mobile Network
Addressing Issues Around Attacks on Mobile Networks and Against Mobile Users
Doug Miller
Company Overview
We are the WORLD LEADER in DNS & DHCP solutions
• Our Chairman, Dr. Paul Mockapetris, invented the DNS
• Team comprised of BIND 8, BIND 9 & ISC-DHCP creators
• 40 issued and pending patents
Our solutions run the world's MOST DEMANDING networks
• A decade of service provider experience
• Over 140 Fixed and Mobile service providers
• Serving over 500 million Internet users worldwide
The first & only DNS/DHCP INTEGRATED ARCHITECTURE
• DNS/DHCP engines provide efficiency, lower costs, higher QoS
• Platforms enable agility & faster application development
• Applications create differentiation and new revenue sources
Our mobile customer base includes:
Our fixed broadband customer base includes:
Three-Tiered Integrated Architecture
[Diagram labels: Unified User Interface & Management; Subscriber Services, Analytics, Interoperability (SDK & APIs); Network Services and Security; Subscriber Messaging, Configuration Management, SIEM. App categories: Nominum apps, 3rd party certified apps, ISP-developed apps, custom. Example apps: Content Blocking, Outbound Anti-Spam, Subscriber Analytics, Anti-Virus Upsell, Parental Control, Botnet Control, Navigation Assistance, Network Monitoring, and more.]
Putting Mobile into Perspective
Mobile Devices per User
The Changing Face of Mobile
• Connected devices are expanding
  – Not just mobile phones*
    • 175M laptops on the mobile network in 2011
      – 22x more traffic than smartphones
    • Tablets to exceed 10% of global mobile data traffic in 2016
    • In 2016, 4G will be 6 percent of connections, but 36 percent of total traffic
  – Mobile devices aren’t as protected as home networks
• Spectrum consumption is a constant battle
  – “If we don't get new frequency [in 2012], it will topple our company.”
    • Asahi Shimbun - CTO of Softbank Mobile
  – “Frequency allocations alone are not the only solution. We need to be as smart as possible in managing our capacity.”
    • Philipp Humm, President and CEO of T-Mobile USA – CTIA 2012
Challenges for Mobile Providers
• Data explosion
  – Growth in data far outpacing voice growth
  – No end in sight as mobile devices continue to grow
    • Hundreds of thousands of new devices provisioned daily
    • 5-year growth CAGR in mobile data traffic of 92%¹
• Service commoditization
  – Differentiation has become much more difficult to achieve
    • Proliferation of iPhone and Android devices
    • No longer is there a single provider of high-end devices
  – Data services are “table stakes” for the modern provider
• Documented declines in profitability
  – Data revenue declining faster than data costs²
    • Cost/GB falling by a factor of 3x
    • Revenue/GB falling by a factor of 10x
  – Must generate new revenue sources & control expenses to maintain profitability
¹ Note: Cisco Visual Networking Index, 2012
² Note: Strategy Analytics – Sue Rudd, 2012 Interview
Ericsson Traffic and Market Report (June, 2012)
Mobile Broadband Growth
Note1: Ericsson Traffic and Market Report – June, 2012
Note2: AT&T at 3GPP Workshop – June 11-12, 2012
Mobile Environments
Note1: Business Insider – Jun. 12, 2012
Note2: Ericsson Traffic and Market Report – June, 2012
Note3: Morgan Stanley Research and Gartner – 2011
Android Activations per Day [Note1]
Smartphone Operating System Market Share [Note3]
Mobile Phone Platforms
eCommerce on Mobile is Increasing
Based on a recent study of the top 500 Internet retailers, mobile commerce shopping activity via smartphones is projected to overtake desk-bound PCs and laptops as a percentage of e-commerce traffic.
- Branding Brand Online Marketing
The Point of the Research
Bots and Malware Landscape
[Chart: Internet hosts, in millions (axis 0 to 900), annotated with "First Evidence of Attacks": Melissa, I Love You, Code Red Worm, SQL Slammer Attack, Sasser, Storm, Zeus, Conficker, DroidDream]
Profitability of Internet Crime
Trend                        Total market share, %   Amount, million USD
Online Fraud
  Online banking fraud       21.3%                   $490
  Cashing                    16.0%                   $367
  Phishing                   2.4%                    $55
  Theft of electronic funds  1.3%                    $30
  Total                      41.0%                   $942
Spam
  Spam                       24.0%                   $553
  Pharma and counterfeits    6.2%                    $142
  Fake software              5.9%                    $135
  Total                      36.1%                   $830
Internal market (C2C)
  Sale of traffic            6.6%                    $153
  Sale of exploits           1.8%                    $41
  Sale of loaders            1.2%                    $27
  Anonymization              0.4%                    $9
  Total                      10.0%                   $230
Other
  DDoS attacks               5.6%                    $130
  Other                      7.3%                    $168
  Total                      12.9%                   $298
Total                        100%                    $2,300
Source: Group IB
Source: Microsoft Security Intelligence Report – 2011
Accelerating Mobile Malware Threats
It will take 2 years for mobile threats to do what PC threats
“A majority of the mobile threats centered on Android, but originated from third-party app stores.”
- McAfee Quarterly Threats Report for Q1 2012
iPhones are Safe and Android is Risky?
[Diagram comparing app distribution paths. iPhone (iOS): Any Developer, Submit to Apple, Qualification, Distribution, Updates; Jail Break as a backdoor; relies on control. Android: Any Developer, Market / Carrier Markets / Web Downloads, Distribution, Updates; "Android Shows Access"; "Security?"; relies on community.]
One Option for Populating Malware
Pirate legitimate paid apps to package malware and offer for free…
…or, create a legitimate app and inject malware in automatic updates
Malware Distribution Without Apps
DroidDream – The “First” Mobile Bot
“DroidDream is an example of malware that acts as a bot and uses two exploit payloads in its attempts to gain root access to infected devices.”
- Lookout Mobile Threat Report – August 2011
The Lifecycle of a Bot Network
1 – Spam (or “something”) entices user to badsite.com
2 – User visits site and is infected via “drive by download” and becomes part of Botnet
3 – Bot gets instructions from Command and Control (C&C) server
4 – Newly infected machine (bot) joins Botnet in DDOS attack on a legitimate Web site
[Diagram labels: Bot Master, C&C, Botnet, Malware, Innocent User]
Cache Poisoning Threat – Kaminsky
• Attacker redirects unsuspecting customers
  – Entries in cache are changed by an attacker
  – Customer going to www.mybank.com is given incorrect information
    • Does not require phishing or any unsafe behavior
  – Attacker directs customers to controlled sites
    • Financial and identity theft, malware installation, etc.
• Statistical attack
  – Send a query so the server is listening for an answer
  – Send guesses while target DNS waits for real answer
Network and User Security Solution
• Security is a mobile issue
  – Mobile networks are the new playground for hackers and thieves
  – End user threats are not just a PC problem
    • “Mobile threats are evolving quickly—sophistication that took decades to reach on the PC is taking just a few years on mobile”
      - Lookout Mobile
  – New access to content in new ways has made users careless
• Addressing the security problem on multiple levels
  – Protect DNS network assets
    • Server security ensures network access is available
  – Caching data is highly valuable
    • End users must be confident they’re going where they want to
  – The network must be clean
    • Think about spectrum efficiency
  – End users should have options
    • Network-based solutions remove complexity and confusion
“We believe that the observed attack traffic originating from known mobile networks is likely being generated by infected PC-type clients connecting to wireless networks through mobile broadband technologies, and not by infected smartphones or similar mobile connected devices.”
Protecting the DNS Assets
• Client rate limiting
  – Limit any subscriber to a maximum amount of QPS (e.g. 1,000)
  – Queries-per-second (QPS) limit defined by administrator
• Limit recursion contexts
  – Recursion context is an authoritative query out to the Internet
  – Limit maximum number of recursion contexts
  – Default limit per Vantio of 2,000 simultaneous recursion contexts
[Diagram labels: Client, Internet, Limit inbound DNS queries, Limit outbound DNS queries]
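How the two limits above interact is easier to see in code. The following is an added sketch, not Vantio's implementation: the class and function names, the fixed one-second window and the sample traffic are assumptions, and only the figures 1,000 QPS and 2,000 recursion contexts come from the slide.

```python
from collections import Counter

class ResolverAdmission:
    """Per-client QPS cap plus a global cap on simultaneous recursion contexts."""

    def __init__(self, max_qps=1000, max_contexts=2000):
        self.max_qps = max_qps            # per-subscriber limit set by the administrator
        self.max_contexts = max_contexts  # simultaneous authoritative queries upstream
        self.windows = {}                 # client -> (second, queries seen in that second)
        self.contexts = 0                 # recursion contexts currently open

    def on_query(self, client, now, cache_hit):
        second = int(now)
        start, count = self.windows.get(client, (second, 0))
        if start != second:               # new one-second window (assumed policy)
            start, count = second, 0
        if count >= self.max_qps:
            return "rate_limited"         # inbound limit: client is over its QPS
        self.windows[client] = (start, count + 1)
        if cache_hit:
            return "answer_from_cache"    # no upstream query, no context consumed
        if self.contexts >= self.max_contexts:
            return "recursion_limited"    # outbound limit: too many open contexts
        self.contexts += 1
        return "recurse"

    def on_recursion_done(self):
        """Call when an upstream answer arrives or times out."""
        self.contexts = max(0, self.contexts - 1)

def replay(queries, **limits):
    """Run constructed (client, time, cache_hit) tuples and count the decisions."""
    gate = ResolverAdmission(**limits)
    return Counter(gate.on_query(*q) for q in queries)

# Constructed sample traffic. BURST: one subscriber sends 1,500 cache-miss
# queries within one second. FLOOD: three subscribers each send 900 cache-miss
# queries whose upstream lookups never complete.
BURST = [("10.0.0.5", 0.0, False)] * 1500
FLOOD = [(f"10.0.1.{i % 3}", 0.5, False) for i in range(2700)]

if __name__ == "__main__":
    print(dict(replay(BURST)), dict(replay(FLOOD)))
```

In the FLOOD sample no single client exceeds its QPS limit, so only the recursion-context cap protects the outbound side.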
Protecting the Caching Data
Layer: Deterrence
  Action: Stop attacks using the following:
    • Randomize transaction ID (QID)
    • UDP Source Port Randomization (USPR)
    • Case (query name) Randomization (0x20)
  Impact: Decrease the probability of a successful attack
Layer: Defense
  Action: Detect and Defend (D&D): detect spoofed response and switch to TCP
    • E.g. 0x20 failures switch to TCP
  Impact: Significantly slow the progress of an attack (100x or more)
Layer: Resistance
  Action: “Glue Segregation”: discard unsolicited answers
  Impact: Eliminate the opportunity for an attacker to insert a fake record
Layer: Remediation
  Action: Notification and Reporting: all TCP transactions, including 0x20 and D&D
  Impact: Isolate the attacker and take remedial measures
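The Deterrence and Defense layers can be shown together as the check a resolver applies to each UDP response. This is an added example, not Nominum's code: the function names, the 1024 to 65535 source-port range and the sample values are assumptions.

```python
import math
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Outstanding:
    """State kept for one query the resolver has sent to an authoritative server."""
    qid: int     # random 16-bit transaction ID (QID)
    sport: int   # random UDP source port (USPR)
    qname: str   # query name as sent, with 0x20 case randomization applied

def new_query(name: str) -> Outstanding:
    mixed = "".join(c.upper() if secrets.randbits(1) else c.lower() for c in name)
    # Assumed port range: 1024..65535
    return Outstanding(secrets.randbits(16), 1024 + secrets.randbelow(64512), mixed)

def classify(q: Outstanding, resp_qid: int, resp_dport: int, resp_qname: str) -> str:
    """Return 'accept', 'drop' or 'retry_tcp' for a UDP response."""
    if resp_dport != q.sport or resp_qid != q.qid:
        return "drop"        # unsolicited answer: wrong port or wrong QID
    if resp_qname.lower() != q.qname.lower():
        return "drop"        # answers a question that was never asked
    if resp_qname != q.qname:
        return "retry_tcp"   # 0x20 failure: possible spoof, re-ask over TCP (D&D)
    return "accept"

def guess_space_bits(name: str, qid=True, uspr=True, x20=True) -> float:
    """Bits an off-path spoofer must guess for a single forged response to match."""
    bits = 16.0 if qid else 0.0
    if uspr:
        bits += math.log2(64512)                   # assumed usable port range
    if x20:
        bits += sum(c.isalpha() for c in name)     # one bit per letter in the name
    return bits

if __name__ == "__main__":
    q = new_query("www.mybank.com")
    print(q, classify(q, q.qid, q.sport, q.qname.lower()))
    for flags in ((False, False), (True, False), (True, True)):
        print(flags, round(guess_space_bits("www.mybank.com", True, *flags), 1))
```

A legitimate server that does not preserve query-name case also lands in `retry_tcp`, so the fallback costs a TCP round trip rather than a failed lookup.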
Protecting the Network
[Diagram: Service Provider Network with the Vantio DNS System, MDR, and the Nominum Bot Domain Feed. A query for botC&C.com returns NXDomain; queries for goodsite1.com and goodsite2.com return a Response. Visibility and Reporting.]
Protecting the End User
• A brief introduction
  – Opt-in service for managing mobile data access
  – Broad application categories supporting multiple services
    • Online Security
    • Parental Control
    • Scheduling
  – Network-based DNS service
    • No need to download anything to the end-user mobile device
Nominum Mobile Suite
• Anywhere/Anytime information access
  – Efficiency: Highest network performance at the lowest TCO
  – Differentiation: Pre-built apps to provide new services/revenues
  – Agility: Adapt to market changes and innovate quickly
• Real business issues are addressed by a DNS platform
  – Core network functionality is only the beginning
  – Enhanced applications are built right on top of this existing asset
• Consider the DNS as a critical network element
  – DNS must be carrier grade more so now than ever before
  – DNS is a critical network element & is more so every day