Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 231
  • Last Modified:

Can somebody hacks into a window server through gsm modem?

I'm building a system which uses gsm modem. We receive sms of customer to order products and we send feed back sms to customer. However, I still have some questions while building this system:

1. Is there any way that hacker can enter my system through gsm modem? (I think that maybe gprs and 3G provides them some ways). A friend of mine also build a similar system, his server doesn't connect to LAN however he sometimes connect to server using gprs. After one night, the whole database in his server is deleted. That's why I ask this question.

2. Is there any solution to prevent when some hackers try to spam sms to make the system overloaded?

3. Is there any other risks with my system?

I have a team to build up mobile app to help customer transfer money through sms easily, I wonder if there is any way they can fake our app and make customer transfer money to their account? For example, android app can be automatically updated using android market. If someone tries to build a fake app and upload it to android market, my customer maybe upgrade the fake version. Could something like that happen?

In case these things happen, could you give me some advice how to overcome it?
0
nad1986
Asked:
nad1986
2 Solutions
 
dacaseyCommented:
It's just another form of interface with the outside world.  Of course hacking a server through GSM is possible.  

.
0
 
logic_chopperCommented:
First let me start off by saying (and I'm sure you already know this), no system is 100% secure, there are only degrees of security and probabilities of sucessful attack against your system.  If security is a major component of your system then you really need to perform a security analysis of your system; there are many techniques for doing this (attack trees, etc, http://en.wikipedia.org/wiki/Attack_tree)  But really this is such a large topic it's not something I can give a complete answer on here.

>>1. Is there any way that hacker can enter my system through gsm modem? (I think that maybe gprs and 3G provides them some ways). A friend of mine also build a similar system, his server doesn't connect to LAN however he sometimes connect to server using gprs. After one night, the whole database in his server is deleted. That's why I ask this question.

Well yes but the interesting question is with what probability, and for that you will need to perform a security analysis of your system.  For example, if the server is not connected to the internet but only receives SMS messages then arguably it is more secure than if the GSM modem allows incoming connections via circuit switched data or GPRS allowing an attacker to use TCP/IP to connect directly to the machine.  But I'm only saying this as an *example* of the type of thing you would look at.

>>2. Is there any solution to prevent when some hackers try to spam sms to make the system overloaded?

Not that I know of except that sending SMS costs money to the attacker arguably making it less likely than simply having the system connected to the internet and having a DOS attack via TCP/IP.

>>3. Is there any other risks with my system?

Almost certainly, lots of risks that could be identified, but these could only be properly identified and mitigated with the help of someone who understands how to perform a security analysis of your system.

>>I have a team to build up mobile app to help customer transfer money through sms easily, I wonder if there is any way they can fake our app and make customer transfer money to their account? For example, android app can be automatically updated using android market. If someone tries to build a fake app and upload it to android market, my customer maybe upgrade the fake version. Could something like that happen?

The likelihood of that depends upon the requirements and architecture of your system.   To perform this type of analysis of your system is time consuming and you are unlikely to get a full analysis of your system for free from a site like this.  The best advice I can give you is to get a professional analyst to help you analyze the threats before the system is built (don't bring them in at the end of the project where they will not be able to provide much help in mitigating threats).
0
 
nad1986Author Commented:
Actually, I don't expect to have my system 100% percents safe. However, I want to know more how many ways a server can't be attacked so that I can be well-prepared.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
GlobaLevelCommented:
then the real question is:

1) what apps do you have on your server
2) how much of it is exposed to the outside world...
3) your network...

bc..the hacker will try to diagnose your system...and and use a varaity of means to hack in..its never just one method...

per number 1)....
further broken down into  2 levels...
1.a - Operating System
1.b - Application level..

..with 1.a...if youhave an outdated server os...like windows server 2000..or even back to 95 ..you are more exposed than the recent OS...

--1.b..what kind of apps are you running..echange server? IIS?  File Server? Imge Server?
..so if you are running IIS5..its outdated and not as robust as IIS7...if you are running Exchange 2003...it brings a dirrent set of issues...

--also with 1.b..anti-virus...firewall...is your anti-virus software updated...? if outdate could have issues..
..you can break this app level down further to how are your apps coded..are you using new objects ...you server could break down internally due to bad code...that a vendor gave..this internal hacking..as oppsed to external...an infinite loop in an App that has internal dept approval to run..can be just as lethal as non approved hacker from across the world breaking..both achieve the same purposes..bringing you down..

...you have backup practices...but are they out of date?

per 2)...how much is opened to the outside world..are you using sockets...how many ports do you have open...are you using mobile phones..are the phones secure...if running a webserver...did you limit the amount of connections to prevent a DOS attack..

you have laptops...but they are not secure..and a salesperson leaves it at a restarant after a meeting...

per 3) ..network..
..do you have the bandwidth to transer/mirror/back up data to a SAN..in many orgs..the SAN is composed of old equipenment...what if this fails....the fan dies in the SAN...and the CPU seizes during a back up...and your new employee on your primary deletes all your data..you now dont have a backup.

..the server room..ive been in server room swhere the optic cable is running along the fllor so people step on it as walk by....if your devices cant communicate with each..who cares what an outsider does...


the point here is that in 80% of the situations internal personall are more responsible for bring the system down then outsiders...there fore plan for both...
0
 
GlobaLevelCommented:
sorry for typos...but hope you get the idea...
0
 
AdriaanDHCommented:
If your GSM modem is only used for sending and receiving SMS's you can disable the GPRS connection and thus greatly reduce your attack surface. I don't think there is much chance of being hacked via SMS.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now