Cloudmark Dives Into Antispam for Mobile Carriers

Mobile Spam

With Asian mobile carriers already fighting a rising tide of wireless spam, Cloudmark is looking to get ahead of the deluge before it arrives on other shores, courtesy of the longtime antispam player’s new MobileAuthority service.

Today’s debut of Cloudmark MobileAuthority comes as the latest sign that mobile spam is increasingly in the spotlight as a growing threat. Earlier this month, U.S. legislators began working on laws to contain a problem that’s only forecast to grow over time.

Part of the problem is that like with e-mail, SMS text messages poses few barriers to entry for would-be spammers.

“SMS is now virtually free, and spammers like free,” Cloudmark CEO Hugh McCartney

He added that 40 percent of SMS messages in China are now spam, and that that the wave of mobile spam is just beginning.

“Spammers are still doing their market research,” he said. “They are not yet in production.”

To help wireless carriers fight back, Cloudmark developed MobileAuthority, which it created by adapting its Sender Intelligence reputation solution, designed for IP networks, to the carriers’ SS7 systems.

Doing so involved teaching the software a new messaging architecture and also teaching it how to connect messaging accounts with their phone numbers.

The offering’s second component is spam fingerprinting. This technique, common in antispam and antivirus software from many providers, identifies spam messages and then blocks messages that resemble them.

Cloudmark CTO Jamie De Guerre, told that Cloudmark deploys honeypots to improve its accuracy. He also noted that it’s not as easy to deploy a cellular honeypot as it is to deploy an IP honeypot: While an IP honeypot simply requires an IP address, a cellular honeypot requires a phone number, which is a scarce resource for many mobile phone companies.

“We are working with the cellular operators on reporting this data,” De Guerre said. “In the long term, we would like to see a standard from the Open Mobile Alliance (OMA), the GSM Alliance (GSMA), the CTIA, or a similar industry association.”

The MobileAuthority service’s third component is an expert security team that helps customers evaluate the threat, Cloudmark said.

“Mobile operators may not yet have security teams,” De Guerre said, though he added that many are now building security teams as the global threat on mobile networks starts to resemble that of fixed-line data.

Focus on security

Carriers are concerned because spam affects the value of the network and the value of the company. McCartney said that it can reduce customers’ willingness to use their cell phones to do banking and make payments, an increasingly important source of revenue.

Furthermore, spam makes the carrier look bad and impacts its brand name. Carriers can look particularly bad if minors are victims, and many minors own cell phones.

Making matters worse, it’s no longer just messaging spam that poses a threat. De Guerre said that attacks on mobile phones are already very sophisticated.

“We do not yet see command and control botnets, but worms are able to disable other applications, self-distribute, and to take advantage of social engineering,” he said.

Criminals cash in

And the stakes may be higher than in the PC realm.

“Attackers can make more money on cellular networks than they can make with e-mail spam,” De Guerre said. “The fraud scenarios grow just based on the fact that there’s a bill associated with each phone number.”

[cob:Special_Report]One danger involves thieves obtaining a text messaging shortcode. While De Guerre noted that carriers have policies and procedures in place to ensure that everyone with a shortcode is a legitimate business, they have been fooled on occasion.

“In one attack last year, those who sent a message to a shortcode and typed in their PIN were charged $70 per month in fees,” De Guerre said. “Of course, the operator refunded the charges but was unable to get any money from the fraudster.”

More sophisticated attacks involve spoofing and faking. For example, a complex attack copies the network identity of a cell phone and incurs roaming charges on its account in the third world.

This problem is good news for those companies that are in a position to help solve it, however.

“Few people pay for e-mail, so e-mail is a cost center for ISPs,” McCartney said. “For mobile providers, e-mail is a profit center, and carriers can put a real price on each mobile attack.”

He declined to discuss Cloudmark’s pricing, but claimed that the company’s price is often less than 5 percent of the savings it delivers to its carrier customers. “We charge by transactions per second, so as a
carrier’s traffic grows, so does our reward.”

News Around the Web