We see this form of attack in the Internet domain already. Web sites that are masquerading
as legitimate Web sites are used to coax sensitive information from unsuspecting
consumers. This could become a major problem within the IMS if there is no
means to verify the network.
Procedures are defined for IMS that allow the user device to authenticate the IMS
network to ensure it is communicating with the trusted domain of the service provider
(or authorized partner). There are other measures we will talk about later that help
prevent this as well.
Message Body Tampering
Tampering with the message body requires access to the message body, which without
encryption is very easy. Since SIP is sent in plain text (rather than binary coded), it is
very easy to eavesdrop on a SIP network and read the contents of the messages.
Depending on the type of SIP message, this has varying consequences. If the message
body contains a text message that says "call me" and provides a
telephone number, the text message could be modified and delivered to the destination
with a different number. The receiver would then respond back to the rogue subscriber
rather than the legitimate sender of the message. There are many other examples of
how this method could be used to steal identities and obtain personal information from
unsuspecting subscribers.
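
The "call me" scenario above, as an added example that is not from the original text: a plain-text SIP MESSAGE whose number is changed in transit still parses and frames correctly, and only a keyed integrity check over the body exposes the change. The X-Body-MAC header, the shared key and the sample messages are assumptions constructed for illustration, standing in for whatever integrity protection the network actually deploys.

```python
import hashlib
import hmac

MAC_HEADER = "X-Body-MAC"       # hypothetical header name, not a standard SIP header
KEY = b"constructed-demo-key"   # constructed shared secret for this example

def body_mac(body: bytes, key: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_message(body: bytes, key: bytes) -> bytes:
    """Sender: serialize a plain-text SIP MESSAGE with a keyed MAC over the body."""
    head = [
        "MESSAGE sip:bob@example.com SIP/2.0",
        "From: <sip:alice@example.com>;tag=1",
        "To: <sip:bob@example.com>",
        "Call-ID: constructed-1@example.com",
        "CSeq: 1 MESSAGE",
        "Content-Type: text/plain",
        f"Content-Length: {len(body)}",
        f"{MAC_HEADER}: {body_mac(body, key)}",
    ]
    return "\r\n".join(head).encode() + b"\r\n\r\n" + body

def parse_message(raw: bytes):
    """Split start line, headers (lower-cased names) and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode().split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def framing_ok(raw: bytes) -> bool:
    """Content-Length only frames the body; it carries no secret."""
    _, headers, body = parse_message(raw)
    length = headers.get("content-length", "")
    return length.isdigit() and int(length) == len(body)

def body_authentic(raw: bytes, key: bytes) -> bool:
    """Receiver: recompute the MAC and compare in constant time."""
    _, headers, body = parse_message(raw)
    return hmac.compare_digest(body_mac(body, key), headers.get(MAC_HEADER.lower(), ""))

# Constructed messages: the original, and the same message with the number changed in transit.
original = build_message(b"call me, 555-0100", KEY)
altered = original.replace(b"555-0100", b"555-0199")

if __name__ == "__main__":
    for label, msg in (("original", original), ("altered", altered)):
        print(label, "framing_ok =", framing_ok(msg), "body_authentic =", body_authentic(msg, KEY))
```

The MAC here covers only the body, so the headers remain unprotected; it also provides integrity, not confidentiality, so the message is still readable on the wire.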