Technology in today’s time is referred to as the practical application of science to commerce or industry. With constant breakthroughs in the scientific study across the world, there has been a steady rise in the development of technology. Such a technological development in the mobile communications sphere is 3G.
3G is the latest and the most advanced smart phone technology in India. It refers to the third generation of mobile communications technology. It is the successor to its previous two technologies 1G & 2G and is the predecessor to the 4G technology. It comes with enhanced technology which enables high speed transmissions, advanced multimedia features and other high speed services.
On one hand, the recently announced launch of 3G and the distribution of the 3G spectrums is great news to all the tech savvy people in India. However, there is also a flip side to this development. This Third Generation technology brings along with it, a vast number of vulnerabilities, making it a haven for hackers and crackers. All this while, very few consumers were actually aware about the threats of 3G, but now when it is becoming a reality in India, the industries and the operators ae slowly awakening to the fact that such a threat really exists.
Role of Mobile Operators:
The role of mobile operators will change from being a regular voice service provider to a full fledged Internet Service Provider (ISP). They will no longer just provide cellular voice services, but will also be providing high speed internet protocol based (IP) data services. In order to offer their customers an array of quality services on the 3G platform, the operators are opening up their networks to external sources like other data networks, operators and public domains.
As a result, mobile operator’s 3G networks are not only exposed to all the existing virtual pathogens, but also to viruses and Trojans specific to mobile networks. This will also expose them to direct attacks like Denial of Service (Dos) from various cyber criminals, eventually bringing out the architectural weakness of the 3G network.
Reasons for Vulnerabilities:
- High Speed wireless IP based networks which allow users to do much more while connected to the internet.
- Open ISP networks are vulnerable to more attacks from the external realm
- Evolution of IMS (IP Multimedia System) which will enable interconnected networks all running simultaneously on IP.
Need to Secure the 3G Networks:
The security implication is that with more users of varied data-capable devices who are accessing content and communicating with one another across multiple networks, there will be more traffic on the cellular networks. That implies a higher likelihood of attacks occurring from any number of sources. For example, many sophisticated attacks disguise themselves in data flows across sessions and ports—the more traffic there is, the harder it is to identify the threats.
Threats to Mobile devices
While most Indians are still in the transient process of switching from the existing to 3G networks, there is a need for the operators and the government agencies to educate consumers and make them aware about the imminent threats and dangers that exist with the advent of 3G. Because such a technology has never been provided by operators till date, they are not equipped to deal with the IP security on mobiles. The new world of IP data is relatively new for to them as till now they were used to dealing with comparatively mundane voice centric security threats.
The threats on the mobile networks can originate from mainly two sources:
- External - The public internet, private networks and other operator networks
- Internal - Data capable handsets, smart phones, notebook computers and even desktop computers connected to 3G
Given below are some types of attacks which can be carried over the 3G mobile networks:
Denial of Service (DoS)
DoS has been one of the most prevalent attacks on the wired ISPs. It essentially uses methods to overpower the systems with data, such that the target system is either slowed or stopped. Inflicting such damage typically requires a lot of compromised systems which are also referred to as bots and collectively called "botnets"
Essentially, botnets are computers that have been compromised by attackers, generally through the use of Trojans, which are then remotely controlled by the organization orchestrating the DoS attack. Laptops, smart-phones, Blackberry phones and/or PDAs, connected to the Internet via a mobile broadband connection, could be similarly compromised and used as bots in a DoS attack.
Another major threat will be an attack called "Overbilling". This involves hijacking the IP of the subscriber and using it for the attackers own purposes. Eventually, this leads to the legitimate user being billed for activity which they did not undertake.
Looking at the couple of examples given above, securing these networks is of utmost importance. In order to protect their consumers and networks, the operators need to:
- Look at a complete 360 degree architectural approach to secure their networks.
- Deployment of firewalls, intrusion detection and prevention (IDP) and virtual private networks (VPNs)
- Anti-virus and firewall softwares for the end point protection of consumers.
- Operators need to work with each other in order to ensure maximum security
- Vigorously protect signaling as the migration of signaling traffic over IP creates new risks. Mobile operators carry much more signaling traffic than their wired counterparts and signaling is mission critical traffic.
The risks of attacks and other threats to 3G will keep increasing as technology keeps developing. There is a need for a strong, multilayered security which will help in protecting our networks and consumers, not just in today’s 3G world, but also in the future with IMS (IP Multimedia Subsystem). There should be deployment of various firewalls, IDPs, VPNs and other such security products. Also the entire architecture of the networks should start changing according to the rising security needs. The base of securing should start in today’s age, in order to enjoy a secure digital future.
Rajat Khare, Joint managing Director and Co-Founder, Appin Technologies.