With the tremendous popularity of mobile devices and their increasing adoption in the corporate environments, there is a larger opportunity for Advanced Persistent Threats (APTs) to exploit vulnerabilities in wireless and mobility networks. We review several vulnerabilities and successful attacks in this domain, and evaluate the possibility of these attacks to be used by APTs. Our analysis shows that known attacks in the mobility domain are powerful enough to contribute to the success of an APT operation.
Copyright © 2017 Praise Worthy Prize - All rights reserved.

RSA. RSA Security Brief: Mobilizing Intelligent Security Operations for Advanced Persistent Threats, http://tinyurl.com/6n6rqfp, February 2011.

P. Giura and W. Wang, Using Large Scale Distributed Computing to Unveil Advanced Persistent Threats, Academy of Science and Engineering Science Journal, vol.1, no. 3, December 2012, pp. 93-105.

B. Krekel, G. Bakos, and C. Barnett, Capability of the People’s Republic of China to conduct cyber warfare and computer network exploitation, The US-China Economic and Security Review Commision, Washington, DC, Research Report, 2009.

Damballa, The Command Structure of the Aurora Botnet, http://www.damballa.com/research/aurora/, March 2010.

SANS Technology Institute, Assessing Outbound Traffic to Uncover Advanced Persistent Threat, http://tinyurl.com/65sg29s, May 2011.

K. Nohl and S. Munaut, Wideband GSM sniffing, In 27th Chaos Communication Congress, 2010, http://tinyurl.com/33ucl2g

G. Horn, D. Forsberg, W. Moeller, and V. Niemi, LTE Security (John Wiley & Sons, 2010) .

W. Xu, Y. Zhang, and T. Wood, The feasibility of launching and detecting jamming attacks in wireless networks, In ACM MOBIHOC, 2005, pp. 46-57.

C. Mune, R. Gassira, and R. Piccirillo, Highjacking mobile data connections, In BlackHat Europe, 2009, http://tinyurl.com/7b2gvdg.

P. Traynor, W. Enck, P. Mcdaniel, and T. La Porta, Exploiting open functionality in SMS-capable cellular networks, In J. Comput Secur., vol. 16. Amsterdam, The Netherlands, IOS Press, December 2008, pp. 713–742.

P. Lee, T. Bu, and T. Woo, On the detection of signaling dos attacks on 3G wireless networks, In INFOCOM 2007: 26th IEEE International Conference on Computer Communications. IEEE, May 2007, pp. 1289-1297.

Grugq, Base jumping: Attacking the GSM baseband and Base Station, In BlackHat Abu Dhabi, 2011, http://tinyurl.com/7laga5r.

D. Spaar, A practical DoS attack to the GSM network, In DeepSec 2009, http://tinyurl.com/7vtdoj5.

Talbot, David, One Simple Trick Could Disable a City’s 4G Phone Network, MIT Technology Review, November 2012, http://www.technologyreview.com/news/507381/one-simple-trick-could-disable-a-citys-4g-phone-network/

3rd Generation Partnership Project, Mobile radio interface layer 3 specification, 3GPP TS 04.08, vol. v7.21.0, 2004.

D. Kune, J. Koelndorfer, and N. Hopper, Localization leaks on the GSM air interface, In 18th Annual Network and Distributed System Security Symposium, ser. NDSS ’12, 2012.

D. Bailey and N. DePetrillo, The Carmen Sandiego Project, In BlackHat USA, 2010, http://tinyurl.com/85mtblw.

E. Gadaix, GSM and 3G security, In BlackHat Asia, 2001, http://tinyurl.com/85plhlv.

U. Meyer and S. Wetzel, A man-in-the-middle attack on UMTS, In Proceedings of the 3rd ACM workshop on Wireless security, ser. WiSe ’04. New York, NY, USA: ACM, 2004, pp. 90–97.

D. Perez and J. Pico, A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications, In BlackHat DC, 2011, http://tinyurl.com/7wuf3er.

Open Mobile Aliance, WAP Architecture, http://www.openmobilealliance.org.

R. Racic, D. Ma, and H. Chen, Exploiting MMS vulnerabilities to stealthily exhaust mobile phone’s battery, In Proceedings of the Second IEEE Communications Society / CreateNet International Conference on Security and Privacy in Communication Networks, 2006.

Boston-WCBTV, Websites show how to ’spoof’ caller id. voice mail hacking: Easier than you think?, July 2011, http://www.thebostonchannel.com/r/28674908/detail.html.

N. Davies and A. Hill, Missing Milly Dowler’s voicemail was hacked by News of the World, In The Guardian UK, July 2011, http://tinyurl.com/6c6jgmw.

D. V. Pham, A. Syed, and M. N. Halgamuge, Universal serial bus based software attacks and protection solutions, Digital Investigation, vol. 7, no. 3-4, pp. 172–184, 2011.

Z. Wang and A. Stavrou, Exploiting smart-phone USB connectivity for fun and profit, In Proceedings of the 26th Annual Computer Security Applications Conference, ser. ACSAC’10. New York, NY, USA: ACM, 2010, pp. 357–366.