Unique Vulnerabilities and Attacks on Cellular Data Packet Services

As cellular data services and applications are being widely deployed, they become attractive targets for attackers, who could exploit unique vulnerabilities in cellular networks, mobile devices, and the interaction between cellular data networks and the Internet. Furthermore, mobile devices, often times considered to be part of the cellular network’s trusted computing base (TCB), are becoming more vulnerable to attacks. This thesis presents several vulnerabilities on the cellular data packet services and its applications, and present two particular denial of service attacks. First, we demonstrate an attack, which surreptitiously drains mobile devices’ battery power up to 22 times faster and therefore could render these devices useless before the end of business hours. This attack targets a unique resource bottleneck in mobile devices (the battery power) by exploiting an insecure cellular data service (MMS) and the insecure interaction between cellular data networks and the Internet (PDP context retention and the paging channel). Second, we propose a series of attacks on 3G cellular packet services that exploit the unverified channel condition reports from mobile devices to their base stations, and user-initiated handoffs. Our simulations show that only five rogue devices per cell can use up over 90% of the network resource, and thus induce and perpetuate 2.1s end-to-end inter-packet transmission delay for every user in the cell. This thesis also presents several mitigation strategies to defend against not only the two aforementioned attacks, but also similar attacks of these type.