Title :
Mobile Terminated SMS Billing - Exploits and Security Analysis
Author :
Garner, P. ; Mullins, I. ; Edwards, R. ; Coulton, P.
Author_Institution :
Dept. of Commun. Syst., Lancater Univ., Lancaster
Abstract :
This paper analyses mobile terminated (MT) SMS billing, an area of mobile commerce which has undergone massive growth with the maturation of mobile content delivery on 2.5G mobile networks. Although the short message service for GSM devices was never designed to be a facilitator for micropayments, premium SMS services have been embraced by many network operators worldwide. We investigate its inherent insecurity as a payment solution and show how existing systems can be used for fraud or to deceive users. From a UK perspective, we see how the standardisation of mobile platforms with J2ME combined with WAP delivery have enabled the rise of the mobile content industry, with premium SMS as the most method common of billing. Threats to the established business models are addressed, with particular attention paid to the potential for severe disruption from mobile (SMS) spam. Furthermore, we present attacks on MT SMS systems, showing how a malicious attacker could damage the mobile content industry by undermining consumer confidence in premium rate SMS payment solutions
Keywords :
cellular radio; electronic messaging; invoicing; protocols; standardisation; GSM devices; J2ME; WAP delivery; micropayments; mobile commerce; mobile content delivery; mobile networks; mobile platforms standardisation; mobile terminated SMS billing; security analysis; short message service; Business; Communication system security; Costs; Credit cards; Europe; GSM; Informatics; Java; Message service; Wireless application protocol;
Conference_Titel :
Information Technology: New Generations, 2006. ITNG 2006. Third International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
0-7695-2497-4
DOI :
10.1109/ITNG.2006.94
