
Ohio State research helps U.S. cell phone carriers address security weakness

Secure mobile data charging (MDC) is critical to cellular network operations. Customers expect cell phone providers like Verizon, AT&T, Sprint and T-Mobile to charge them only for the data they have used. Providers likewise expect and value billing accuracy.

Researchers from The Ohio State University and UCLA analyzed 3G/4G cellular network MDC systems and discovered significant security vulnerabilities that can allow unauthorized usage of data plans by attackers through other devices, resulting in unexpected charges for the customer.

Ohio State Assistant Professor of Computer Science and Engineering Chunyi Peng led the research along with UCLA colleagues Chi-Yu Li, Hongyi Wang, Guan-Hua Tu and Songwu Lu. Their findings and proposed defenses for cell phone providers were published in materials for the 21st ACM Conference on Computer and Communications Security (CCS) in November 2014.

Secure mobile data charging should meet three requirements: authentication that the customer being billed for the data transfer is the same person that performed the transfer; authorization of specific charges by the customer; and accuracy of the volume of data transferred to the customer's device. Peng said that they found all three could be breached, imposing real financial loss on the victimized customer.

"The three concrete vulnerabilities were authentication bypass, authorization fraud and accounting volume inaccuracy," she said. "The root causes lie in technology fundamentals of cellular networks and the Internet IP design, as well as imprudent implementation."

As one example of fraudulent use, Peng said that an attacker could hijack a victim's outbound Internet access to upload hundreds of pictures to Facebook without the victim knowing until they received their bill or happened to check their data usage. A data hijacker could also stealthily launch malicious spam attacks from the victim's account, consuming large amounts of data.

Global mobile data traffic grew 69% in 2014 and is projected to increase 10-fold by 2019, according to Cisco’s Virtual Networking Index.

Since their presentation at CCS last November, Peng and her colleagues have consulted with cell phone providers to suggest network fixes and billing fraud defense tactics. Two providers have upgraded their carrier networks and implemented fixes addressing the research team's billing fraud discovery.
