Mobile data charging: new attacks and countermeasures

Authors:
Chunyi Peng;Chi-yu Li;Guan-Hua Tu;Songwu Lu;Lixia Zhang
Affiliations:
University of California, Los Angeles, Los Angeles, CA, USA;University of California, Los Angeles, Los Angeles, CA, USA;University of California, Los Angeles, Los Angeles, CA, USA;University of California, Los Angeles, Los Angeles, CA, USA;University of California, Los Angeles, Los Angeles, CA, USA
Venue:
Proceedings of the 2012 ACM conference on Computer and communications security
Year:
2012

Citing 11
Cited 5

Mobile Phones: The Next Frontier for Hackers?

Computer
Exploiting open functionality in SMS-capable cellular networks

Proceedings of the 12th ACM conference on Computer and communications security
On the Impact of Unwanted Traffic onto a 3G Network

SECPERU '06 Proceedings of the Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing
SmartSiren: virus detection and alert for smartphones

Proceedings of the 5th international conference on Mobile systems, applications and services
On the detection of signaling DoS attacks on 3G/WiMax wireless networks

Computer Networks: The International Journal of Computer and Telecommunications Networking
On cellular botnets: measuring the impact of malicious devices on a cellular network core

Proceedings of the 16th ACM conference on Computer and communications security
An untold story of middleboxes in cellular networks

Proceedings of the ACM SIGCOMM 2011 conference
LTE for UMTS: Evolution to LTE-Advanced

LTE for UMTS: Evolution to LTE-Advanced
A survey of mobile malware in the wild

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Charging and pricing challenges for 3G systems

IEEE Communications Surveys & Tutorials
Can we pay for what we get in 3G data access?

Proceedings of the 18th annual international conference on Mobile computing and networking

Towards accurate accounting of cellular data for TCP retransmission

Proceedings of the 14th Workshop on Mobile Computing Systems and Applications
Accounting for roaming users on mobile data access: issues and root causes

Proceeding of the 11th annual international conference on Mobile systems, applications, and services
How voice calls affect data in operational LTE networks

Proceedings of the 19th annual international conference on Mobile computing & networking
Last call for the buffet: economics of cellular networks

Proceedings of the 19th annual international conference on Mobile computing & networking
PREC: practical root exploit containment for android devices

Proceedings of the 4th ACM conference on Data and application security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

3G/4G cellular networks adopt usage-based charging. Mobile users are billed based on the traffic volume when accessing data service. In this work, we assess both this metered accounting architecture and application-specific charging policies by operators from the security perspective. We have identified loopholes in both, and discovered two effective attacks exploiting the loopholes. The "toll-free-data-access-attack" enables the attacker to access any data service for free. The "stealth-spam-attack" incurs any large traffic volume to the victim, while the victim may not be even aware of such spam traffic.Our experiments on two operational 3G networks have confirmed the feasibility and simplicity of such attacks. We also propose defense remedies.