New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks

New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks. Tu, G.
abstract bibtex

SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packetswitched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spooﬁng, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We ﬁnally propose remedies to the identiﬁed security issues.

@article{tu_new_nodate,
	title = {New {Security} {Threats} {Caused} by {IMS}-based {SMS} {Service} in {4G} {LTE} {Networks}},
	abstract = {SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packetswitched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spooﬁng, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We ﬁnally propose remedies to the identiﬁed security issues.},
	language = {en},
	author = {Tu, Guan-Hua},
	keywords = {cellular, lte},
	pages = {13}
}

Downloads: 0

{"_id":"pGFqxCLnSXzmw7Smo","bibbaseid":"tu-newsecuritythreatscausedbyimsbasedsmsservicein4gltenetworks","downloads":0,"creationDate":"2018-09-02T09:38:26.285Z","title":"New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks","author_short":["Tu, G."],"year":null,"bibtype":"article","biburl":"https://bibbase.org/zotero/21h","bibdata":{"bibtype":"article","type":"article","title":"New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks","abstract":"SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packetswitched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spooﬁng, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We ﬁnally propose remedies to the identiﬁed security issues.","language":"en","author":[{"propositions":[],"lastnames":["Tu"],"firstnames":["Guan-Hua"],"suffixes":[]}],"keywords":"cellular, lte","pages":"13","bibtex":"@article{tu_new_nodate,\n\ttitle = {New {Security} {Threats} {Caused} by {IMS}-based {SMS} {Service} in {4G} {LTE} {Networks}},\n\tabstract = {SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packetswitched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spooﬁng, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We ﬁnally propose remedies to the identiﬁed security issues.},\n\tlanguage = {en},\n\tauthor = {Tu, Guan-Hua},\n\tkeywords = {cellular, lte},\n\tpages = {13}\n}\n\n","author_short":["Tu, G."],"key":"tu_new_nodate","id":"tu_new_nodate","bibbaseid":"tu-newsecuritythreatscausedbyimsbasedsmsservicein4gltenetworks","role":"author","urls":{},"keyword":["cellular","lte"],"downloads":0,"html":""},"search_terms":["new","security","threats","caused","ims","based","sms","service","lte","networks","tu"],"keywords":["cellular","lte"],"authorIDs":[],"dataSources":["NpxDwkFvCjNmGYFSj"]}