Security Basics mailing list archives
Re: 3G cards and security...
From: Michael Puchol <mpuchol () sonar-security com>
Date: Wed, 31 May 2006 19:49:04 +0200
Murad Talukdar wrote:
Hi all, Does anyone have any links to white papers etc that detail the security aspects of 3g wireless cards like the Vodafone mobile connect card? I can't seem to find anything remotely useful on the Vodafone site.
Hi Murad,

This is because they have a very poor attitude towards security. I did some tests while building an IP stack for an embedded device, which had to connect to the internet using GPRS/3G, and I noticed an incoming stream of packets, which I then identified as the usual flurry of port scans traveling the net. NetBIOS was of course the most common one. If I sent an ACK to any of them, they would try to connect.

I then went on to investigate Vodafone's take on this, and for starters, I could not find anyone technically proficient enough in Spain to answer my questions. They just knew "Windows", "Internet", and "if you can connect and check your email, what is the problem". I tried contacting someone involved in security or networks in the UK, and I got partial answers. In summary:

1. They assign public IP addresses to their 3G/GPRS customers.
2. They do NOT have any form of firewall or filter to block NetBIOS scans or other well-known attackable ports.
3. They do NOT even give their customers the option to ask for said ports to be blocked.
4. They actually *charge* you for receiving these scans.

It has been previously documented that monetary DoS attacks against GPRS are possible, where you basically flood their IP blocks with data, which their customers end up paying for. Not useful, but I bet their CFO is happy - why would they want to block revenue streams?

It won't stop you paying for scans you receive, but it helps to have a software firewall to stop them going further.

Best regards,
Mike
www.sonar-security.com
