12,000
We have over 12,000 students, from over 100 countries, within one of the safest campuses in the UK
94%
94% of Lancaster students go into work or further study within six months of graduating
Mobile Terminated SMS Billing — Exploits and Security Analysis.
Research output: Contribution in Book/Report/Proceedings › Paper
Published
- Department of Engineering
- Lancaster Institute for the Contemporary Arts
- School of Computing and Communications
Associated organisations
| Publication date | 2005 |
|---|---|
| Host publication | Third International Conference on Information Technology: New Generations (ITNG'06) |
| Publisher | IEEE |
| Pages | 294-299 |
| Number of pages | 6 |
| ISBN (Print) | 0-7695-2497-4 |
| Original language | English |
Conference
| Conference | IEEE Third International Conference on Information Technology : New Generations |
|---|---|
| City | Las Vegas, USA |
| Period | 1/04/06 → … |
Conference
| Conference | IEEE Third International Conference on Information Technology : New Generations |
|---|---|
| City | Las Vegas, USA |
| Period | 1/04/06 → … |
Abstract
This paper analyses mobile terminated (MT) SMS billing, an area of mobile commerce which has undergone massive growth with the maturation of mobile content delivery on 2.5G mobile networks. Although the short message service for GSM devices was never designed to be a facilitator for micropayments, premium SMS services have been embraced by many network operators worldwide. We investigate its inherent insecurity as a payment solution and show how existing systems can be used for fraud or to deceive users. From a UK perspective, we see how the standardisation of mobile platforms with J2ME combined with WAP delivery have enabled the rise of the mobile content industry, with premium SMS as the most method common of billing. Threats to the established business models are addressed, with particular attention paid to the potential for severe disruption from mobile (SMS) spam. Furthermore, we present attacks on MT SMS systems, showing how a malicious attacker could damage the mobile content industry by undermining consumer confidence in premium rate SMS payment solutions.