Do You Trust Your Phone?
Despite the promising start, Electronic Commerce has not taken off mostly because of security issues with the communication infrastructures that are popping up threateningly undermining the perceived trustworthiness in Electronic Commerce.
Some Internet security issues, like malware, phishing, pharming are well known to the Internet community. Such issues are being, however, transferred to the telephone networks thanks to the symbiotic relation between the two worlds. Such an interconnection is becoming so pervasive that we can really start thinking about a unique network, which, in this paper, we refer to as the Interphonet.
The main goal of this paper is to analyze some of the Internet security issues that are being transferred to the Interphonet and also to identify new security issues of the Interphonet. In particular we will discuss about mobile phones malware and identity theft, phishing with SMS, telephone pharming, untraceability of phone calls that use VoIP and Caller ID spoofing. We will also briefly discuss about countermeasures.
KeywordsVoIP security SMS security identity theft mobile malware telephone phishing telephone pharming untraceability caller ID spoofing SMS spoofing NGN
Unable to display preview. Download preview PDF.
- 1.Bocan, V., Cretu, V.: Security and Denial of Service Threats in GSM Networks. Periodica Politechnica, Transactions on Automatic Control and Computer Science 49(63) (2004) ISSN 1224-600XGoogle Scholar
- 2.Enck, W., Traynor, P., McDaniel, P., La Porta, T.: Exploiting Open Functionality in SMS-Capable Cellular Networks. In: Proc. of CCS 2005, Alexandria, VA, USA, November 2005, pp. 7–11 (2005)Google Scholar
- 3.Kim, S.h., Leem, C.S.: Security Threats and Their Countermeasures of Mobile Portable Computing Devices in Ubiquitous Computing Environments. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3483, pp. 79–85. Springer, Heidelberg (2005)CrossRefGoogle Scholar
- 5.Peersman, G., Cvetkovic, S., Griffiths, P., Spear, H.: The Global System for Mobile Communications Short Message Service. IEEE Personal Communications, 15–23 (2000)Google Scholar
- 7.Fujii, H., Shigematsu, N., Kurokawa, H., Nakagawa, T.: Telelogin: a Two-factor Two-path Authentication Technique Using Caller ID, NTT Information Sharing Platform Laboratories, NTT Technical Review, Vol. 6(8) (August 2008), https://www.ntt-review.jp/archive/ntttechnical.php?contents=ntr200808le3.html
- 9.Palmieri, F., Fiore, U.: Providing True End-to-End Security in Converged Voice Over IP Infrastructures. Journal of Computer & Security (in press) (January 2009), http://dx.doi.org/10.1016/j.cose.2009.01.004
- 10.3rd Generation Partnership Project, Technical realization of the Short Message Service (SMS), Rel. 5.1.0, 3GPP Technical Specific Group Terminals (2001)Google Scholar
- 11.Internet Protocol Telephony and Voice Over the Internet Protocol, Security Technical Implementation Guide, Defense Information Systems Agency (DISA) for the U.S. Department of Defense (DOD), Version 2, Rel. 2 (April 2006), http://iase.disa.mil/stigs/stig/VoIP-STIG-V2R2.pdf
- 12.Griffin, S.E., Rackley, C.C.: Vishing. In: Proc. of the ACM InfoSecCD ’08: Proceedings of the 5th annual conference on Information Security Curriculum Development, pp. 33–35 (2008)Google Scholar
- 13.Caller ID spoofing with PHP and asterisk (last updated 14 February 2006), http://www.nata2.org/2006/02/14/caller-id-spoofing-with-php-and-asterisk/
- 14.The definitive resource on Caller ID spoofing (last updated, 20 February 2009), http://www.calleridspoofing.info/
- 15.Running your own GSM network, 25th Chaos Communication Congress (last updated, 29 December 2008), http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html
- 16.SMS phishing, Computer Crime Research Center, September 04 (2006), http://www.crime-research.org/news/04.09.2006/2221/
- 17.SMiShing: SMs phISHING, Wikipedia, the free encyclopedia (last updated, 1 May 2009), http://en.wikipedia.org/wiki/SMiShing
- 18.Castiglione, A., Cattaneo, G., De Santis, A., Petagna, F., Ferraro Petrillo, U.: SPEECH: Secure Personal End-to-End Communication with Handheld. In: Proc. of ISSE 2006, Securing Electronic Business Processes (Information Security Solutions Europe), October 2006, pp. 287–297. Vieweg Verlag (2006)Google Scholar
- 20.Jailbreak (iPhone), Wikipedia, the free encyclopedia (last updated 29 April 2009), http://en.wikipedia.org/wiki/Jailbreak_(iPhone)Google Scholar
- 21.Castiglione, A., Cattaneo, G., Cembalo, M., De Santis, A., Petagna, F., Ferraro Petrillo, U.: An Extensible Framework for Efficient Secure SMS”. Technical Report - University of SalernoGoogle Scholar