Embedding High Capacity Covert Channels in Short Message Service (SMS)
Covert Channels constitute an important security threat because they are used to ex-filtrate sensitive information, to disseminate malicious code, and, more alarmingly, to transfer instructions to a criminal (or terrorist). This work presents zero day vulnerabilities and weak-nesses, that we discovered, in the Short Message Service (SMS) protocol, that allow the embedding of high capacity covert channels. We show that an intruder, by exploiting these SMS vulnerabilities, can bypass the existing security infrastructure (including firewalls, intrusion detection systems, content filters) of a sensitive organization and the primitive content filtering software at an SMS Center (SMSC). We found that the SMS itself, along with its value added services (like picture SMS, ring tone SMS), appears to be much more susceptible to security vulnerabilities than other services in IP-based networks. To demonstrate the effectiveness of covert channels in SMS, we have used our tool GeheimSMS that practically embeds data bytes (not only secret, but also hidden) by composing the SMS in Protocol Description Unit (PDU) mode and transmitting it from a mobile device using a serial or Bluetooth link. The contents of the overt (benign) message are not corrupted; hence the secret communication remains unsuspicious during the transmission and reception of SMS. Our experiments on active cellular networks show that 1 KB of a secret message can be transmitted in less than 3 minutes by sending 26 SMS without raising an alarm over suspicious activity.
KeywordsShort Message Service (SMS) SMS Covert Channels SMS PDU
Unable to display preview. Download preview PDF.
- 1.National Computer Security Center, US DoD: Trusted computer system evaluation criteria. Technical Report, DOD 5200.28-STD (December 1985)Google Scholar
- 2.Ahsan, K., Kundur, D.: Practical data hiding in TCP/IP. In: Proc. of the 9th Workshop on Multimedia & Security, pp. 25–34. ACM, Texas (2002)Google Scholar
- 3.Rowland, C.: Covert channels in the TCP/IP protocol suite. First Monday 2(5-5) (1997)Google Scholar
- 7.Bauer, M.: New covert channels in http: adding unwitting web browsers to anonymity sets. In: Proc. of the 2003 ACM Workshop on Privacy in the Electronic Society, pp. 72–78. ACM, NY (2003)Google Scholar
- 8.Mazurczyk, W., Kotulski, Z.: New VoIP traffic security scheme with digital watermarking. Computer Safety, Reliability, and Security, 170–181 (2006)Google Scholar
- 12.Portio-Research: Mobile Messaging Future (2010-2014), http://www.portioresearch.com/
- 13.GSM-ETSI: 03.40. Technical realization of the Short Message Service (SMS) (1998), http://www.3gpp.org/ftp/Specs/html-info/0340.htm
- 14.Simmons, G.J.: The prisoners problem and the subliminal channel. In: Proc. of Advances in Cryptology (CRYPTO), pp. 51–67 (1984)Google Scholar
- 16.The Trusted System Evaluation Criteria. Fred Cohen Associates, http://all.net/books/orange/chap8.html