Security Issues when Connecting Computers to Cellular Networks
The networks run by cellular providers aren't just for cell phones anymore. Today's 3G and 4G networks also provide wireless connections for laptops and even desktop systems via GSM or CDMA modems, cards and built-in chips, or by connecting to a mobile hotspot device such as the MiFi. You can also tether your computer to your cell phone to use its Internet connection, either via a USB cable or "mobile hotspot" capabilities built into the phone.
The history of cellular networks
Cellular technology, like other wireless technologies, uses radio signals to communicate over the air. Cellular networks are so named because the area within which you can pick up a signal from a particular tower is called a cell. In the early days of cellular technology, in the 1960s, mobile phones could only operate within a cell; if the phone moved outside the cell (range of the tower where the call was begun), the call would be cut off. In the 1970s, the concept of automatic call handoff (or handover) came into being. This means a voice call or a data session can be transferred from one tower to another as the phone or device moves.
Early cellular communications used analog transmissions and were called AMPS for Advanced Mobile Phone System. Digital AMPS services (which superseded AMPS in the 1990s) use the same towers and use the AMPS protocol to set up a call but then switch to digital transmission. Another system, PCS, uses a different set of towers and different (higher) frequencies. Because of the higher frequencies, there is less distance between towers.
The first commercial cellular networks are referred to as 1G (for first generation). These were launched in Japan, Scandinavia, the U.K., Mexico, Canada and the U.S. in the late 1970s and 1980s. The next generation of cellular, 2G, came about in the 1990s. In the U.S., two different technologies developed, GSM (used by AT&T and T-Mobile) and CDMA (used by Sprint and Verizon). 1G networks handled voice only. 2G networks added SMS/text messaging, and the ability to download content.
Internet service on mobile phones was introduced in 1999 in Japan. This led to the need for a new type of data transmission that could provide faster performance. 3G services were developed to fill that need, and replaced the old circuit switching transmission (traditionally used by landlines and used by 1G and 2G cellular networks) with packet switching (used on TCP/IP local area networks and Internet providers). The higher speeds and better reliability of 3G made use of the cellular networks for Internet access practical.
Today's fastest networks are called 4G, although it is implemented differently by different cellular carriers and there is disagreement within the industry about what constitutes "true 4G." 4G technologies include LTE (used by Verizon), Wi-Max (used by Sprint) and HSPA+ (used by AT&T and T-Mobile, which some argue would be more accurately called 3.5G). AT&T plans to migrate to LTE in the near future. 4G is designed with data in mind, and can handle high-bandwidth applications such as streaming video.
How cellular networks work
The basic components of the cellular network are:
- The wireless network
- The core network
- The Internet connection
- The PSTN
Cellular users access the network via radio signals between their devices and the cellular towers. This wireless network is also connected to the core network, which is a wired network. The wired core network connects to the Public Switched Telephone Network (PSTN) for making voice calls to landlines. The core network also connects to the Internet, using protocol gateways and multiprotocol mobility managers, for sending data to and receiving data from other data networks. The core network uses service nodes, which are servers, to store data such as subscriber information. Of course, it's far more complicated than this, but this describes the basic architecture of how the components of the cellular network interoperate.
Anyone who has worked in network administration and security knows that any network is only as secure as its weakest point. The problem with complex internet works such as the cellular networks is that they have so many parts and thus so many potential points of security failure. Overall security of cellular data transmission depends on the security of all of the four major components listed above.
Wireless communications are inherently more difficult to secure than wired transmissions. When signals go through the airwaves, it's easier to intercept them because you don't have to physically tap into a line. Anyone with a transmitter/receiver can capture the signals. Since it's difficult or impossible to prevent the interception of the signals, the key to securing a wireless network is encrypting those signals so that they will be useless to any unauthorized party who does intercept them. Early cellular networks did not adequately secure the wireless signals in transit. However, 3G (and above) networks use strong cipher keys to encrypt the signals. Two way authentication is used to prevent the use of cloned cellular devices. 3G networks are still vulnerable to Denial of Service (DoS) attacks.
Security of the core network refers to the security of the service nodes (servers) and the security of data in transit over the wire between the service nodes. The MAPSec (Mobile Application Part Security) protocol provides security for the application layer protocol that is used for exchanging information that is specific to a subscriber and authentication information. IPSec is also used on the core network to protect communications in transit between service nodes. However, use of MAPSec and IPSec is optional and up to the service provider. Each provider has its own security policies regarding physical security of the servers and remote access to those servers.
Just as the Internet poses a threat to home networks connected to it, it also poses a threat to the core network. Attacks can travel from the Internet through the gateways and infiltrate the core network. These include DoS attacks and SMS (text) spam. Because it is connected to the Internet through the core network, the PSTN's security cannot be assured, either. The PSTN was designed as a closed network and so did not include security mechanisms designed to protect from the types of threats that can come in from the Internet. The SS7 protocols it uses are plaintext and don't include authentication.
The good news is that cellular carriers are becoming more aware of the vulnerabilities of the cellular networks and are taking steps to remedy them. Nonetheless, it's just as important for you to take measures to secure your own data and systems when operating them on a cellular network. Recent reports, such as the McAfee report on mobile security released this month, focus on smartphone and tablet operating systems, but it's important to realize that laptops and desktops connected to the Internet via cellular transmissions need to be protected, as well.
Security best practices on a cellular network
Not surprisingly, the steps that an end-user needs to take when connected to a cellular network are much the same as best practices on any other network. The key here is that when you use a cellular Internet connection, you're subject to the same threats - malware, viruses, DoS attacks, intrusions - as with any other Internet connection. There are also vulnerabilities specific to the devices; for example, there were reports that the GPS on the 3G MiFi mobile hotspot could be enabled without the user's knowledge if you happen to visit the wrong malicious web site. The latest version of the MiFi, made for Verizon's LTE network, comes with the GPS chip deactivated.
The big risk on the cellular networks is that many users won't be as cognizant of the risks as when, for instance, they connect to a wi-fi network. However, using the cellular network is generally more secure than using an open public wi-fi hotspot.
Because of the complexity of the network architecture, you can never be assured of end-to-end security. Thus host-based security becomes paramount. When using a 3G/4G device or mobile hotspot feature with your laptop, there may be two network segments to worry about: the 3G/4G wireless signal to the hotspot device or phone, and the wi-fi connection between the device/phone and the laptop. If you have the option to connect to the 3G/4G device/phone via either wi-fi or USB tethering, remember that the latter is more secure because you eliminate the possibility of data transmitted between the device/phone and the laptop being intercepted wirelessly. If your device offers the option, set it to automatically disable wi-fi when a computer is connected to it over USB.
Here are some standard precautions to take:
- Ensure that your 3G/4G device - whether a USB modem, a MiFi device, a card or a smart phone - has all available updates installed to address vulnerabilities in the firmware or software
- Have a firewall installed and properly configured on the host device
- Have anti-virus and antimalware software installed and turned on
- Use strong passwords or multi factor authentication for accessing sites involving financial data or sensitive personal information
- Enable logging and alerting
- For the wi-fi part of the connection, enable WPA2 encryption
- On a mobile hotspot device such as the MiFi or Sprint's Overdrive, disable SSID broadcasting and disable the DHCP server
- When using a mobile hotspot device or the mobile hotspot function your phone, which allows for multiple computers to use the 3G or 4G connection, monitor the hotspot software to be sure only devices you know about are connected
- If the device allows you to set a maximum number of users, set this to 1 if you are going to be the only one connecting to the device
- Change the default administrative passwords on your 3G/4G devices
- If your 3G/4G device supports MAC filtering, enable it and create a whitelist of the physical addresses of devices (such as your laptop) that you want to be able to use the 3G/4G network, and block all others
Cellular security issues for network admins
It's also important for network admins to recognize the possibility that corporate users can pop a 3G or 4G card or modem into their laptops and access the Internet through a cellular network, bypassing corporate gateways, while also connected to the internal network over Ethernet. This can pose a threat to the internal network, since the user can visit web sites or run protocols or applications that would be blocked by the corporate firewalls. AT&T security chief Ed Amoroso discusses that in this video