Solved

Can somebody hacks into a window server through gsm modem?

Posted on 2010-11-16
8
208 Views
Last Modified: 2014-10-18
I'm building a system which uses gsm modem. We receive sms of customer to order products and we send feed back sms to customer. However, I still have some questions while building this system:

1. Is there any way that hacker can enter my system through gsm modem? (I think that maybe gprs and 3G provides them some ways). A friend of mine also build a similar system, his server doesn't connect to LAN however he sometimes connect to server using gprs. After one night, the whole database in his server is deleted. That's why I ask this question.

2. Is there any solution to prevent when some hackers try to spam sms to make the system overloaded?

3. Is there any other risks with my system?

I have a team to build up mobile app to help customer transfer money through sms easily, I wonder if there is any way they can fake our app and make customer transfer money to their account? For example, android app can be automatically updated using android market. If someone tries to build a fake app and upload it to android market, my customer maybe upgrade the fake version. Could something like that happen?

In case these things happen, could you give me some advice how to overcome it?
0
Comment
Question by:nad1986
8 Comments
 
LVL 5

Expert Comment

by:dacasey
ID: 34162062
It's just another form of interface with the outside world.  Of course hacking a server through GSM is possible.  

.
0
 
LVL 3

Accepted Solution

by:
logic_chopper earned 250 total points
ID: 34175751
First let me start off by saying (and I'm sure you already know this), no system is 100% secure, there are only degrees of security and probabilities of sucessful attack against your system.  If security is a major component of your system then you really need to perform a security analysis of your system; there are many techniques for doing this (attack trees, etc, http://en.wikipedia.org/wiki/Attack_tree)  But really this is such a large topic it's not something I can give a complete answer on here.

>>1. Is there any way that hacker can enter my system through gsm modem? (I think that maybe gprs and 3G provides them some ways). A friend of mine also build a similar system, his server doesn't connect to LAN however he sometimes connect to server using gprs. After one night, the whole database in his server is deleted. That's why I ask this question.

Well yes but the interesting question is with what probability, and for that you will need to perform a security analysis of your system.  For example, if the server is not connected to the internet but only receives SMS messages then arguably it is more secure than if the GSM modem allows incoming connections via circuit switched data or GPRS allowing an attacker to use TCP/IP to connect directly to the machine.  But I'm only saying this as an *example* of the type of thing you would look at.

>>2. Is there any solution to prevent when some hackers try to spam sms to make the system overloaded?

Not that I know of except that sending SMS costs money to the attacker arguably making it less likely than simply having the system connected to the internet and having a DOS attack via TCP/IP.

>>3. Is there any other risks with my system?

Almost certainly, lots of risks that could be identified, but these could only be properly identified and mitigated with the help of someone who understands how to perform a security analysis of your system.

>>I have a team to build up mobile app to help customer transfer money through sms easily, I wonder if there is any way they can fake our app and make customer transfer money to their account? For example, android app can be automatically updated using android market. If someone tries to build a fake app and upload it to android market, my customer maybe upgrade the fake version. Could something like that happen?

The likelihood of that depends upon the requirements and architecture of your system.   To perform this type of analysis of your system is time consuming and you are unlikely to get a full analysis of your system for free from a site like this.  The best advice I can give you is to get a professional analyst to help you analyze the threats before the system is built (don't bring them in at the end of the project where they will not be able to provide much help in mitigating threats).
0
 

Author Comment

by:nad1986
ID: 34224237
Actually, I don't expect to have my system 100% percents safe. However, I want to know more how many ways a server can't be attacked so that I can be well-prepared.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 10

Assisted Solution

by:GlobaLevel
GlobaLevel earned 250 total points
ID: 35235645
then the real question is:

1) what apps do you have on your server
2) how much of it is exposed to the outside world...
3) your network...

bc..the hacker will try to diagnose your system...and and use a varaity of means to hack in..its never just one method...

per number 1)....
further broken down into  2 levels...
1.a - Operating System
1.b - Application level..

..with 1.a...if youhave an outdated server os...like windows server 2000..or even back to 95 ..you are more exposed than the recent OS...

--1.b..what kind of apps are you running..echange server? IIS?  File Server? Imge Server?
..so if you are running IIS5..its outdated and not as robust as IIS7...if you are running Exchange 2003...it brings a dirrent set of issues...

--also with 1.b..anti-virus...firewall...is your anti-virus software updated...? if outdate could have issues..
..you can break this app level down further to how are your apps coded..are you using new objects ...you server could break down internally due to bad code...that a vendor gave..this internal hacking..as oppsed to external...an infinite loop in an App that has internal dept approval to run..can be just as lethal as non approved hacker from across the world breaking..both achieve the same purposes..bringing you down..

...you have backup practices...but are they out of date?

per 2)...how much is opened to the outside world..are you using sockets...how many ports do you have open...are you using mobile phones..are the phones secure...if running a webserver...did you limit the amount of connections to prevent a DOS attack..

you have laptops...but they are not secure..and a salesperson leaves it at a restarant after a meeting...

per 3) ..network..
..do you have the bandwidth to transer/mirror/back up data to a SAN..in many orgs..the SAN is composed of old equipenment...what if this fails....the fan dies in the SAN...and the CPU seizes during a back up...and your new employee on your primary deletes all your data..you now dont have a backup.

..the server room..ive been in server room swhere the optic cable is running along the fllor so people step on it as walk by....if your devices cant communicate with each..who cares what an outsider does...


the point here is that in 80% of the situations internal personall are more responsible for bring the system down then outsiders...there fore plan for both...
0
 
LVL 10

Expert Comment

by:GlobaLevel
ID: 35235675
sorry for typos...but hope you get the idea...
0
 
LVL 1

Expert Comment

by:AdriaanDH
ID: 35734585
If your GSM modem is only used for sending and receiving SMS's you can disable the GPRS connection and thus greatly reduce your attack surface. I don't think there is much chance of being hacked via SMS.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Are you having trouble connecting or getting your iPhone / Samsung device(s) to sync with Microsoft Exchange Server?   What have you tried?   What haven't you tried?
In order to have all security and back ups taken care of, WordPress users can sign up for services with WP Engine.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now