Have you ever received an email asking you if you were interested in either increasing your penis size, buying prescription medication or free, or offering photos of naked girls? You might have been too busy helping a Nigerian prince to notice but these emails are extremely common. Last year 100 billion spam emails were sent in a day. Unfortunately, computers are not the only ones affected by this. The new trend is toward cell phone spamming through a system called premium services.
Downloading data on most cell phones in North America costs about five cents per kilobyte. The average email is somewhere in the range of about 10 kb. That’s about fifty cents per email. The means around this are blackberry and data plans; some cell phone companies offer the ability to buy blocks of data in advance. It is also common to offer unlimited browsing for all-in-one phones; this usually costs between seven to ten dollars. Most major North American cell phone providers do not offer unlimited data usage to their clients. The plans that do include that option are usually corporate and are not advertized. What does this mean, as far as spam (and anti spam filtering) is concerned?
Imagine that every time you received junk mail or spam on your computer you were charged $1.50 per message. The average person can receive dozens if not hundreds of spam emails per day. Imagine being charged a few hundred dollars every day just for using your hotmail account. No one would use it. But premium services for mobile phones charge around $1.50 every time you receive a text message from them.
What are premium services you might ask? Ever see those ads on television, usually between three and six pm? The ads that advertize great tips on love, awesome Simpsons trivia, pick up lines, contests, sports scores, etc.? These require someone to text message love, or homer, or something else to a five or six digit number. These are called short codes. When you text the short code, your phone number is entered into a computer which then automatically sends you a text message and bills your cell phone provider. These ads are specifically targeted to teenagers with cell phones. Teenagers more often than not have their parents pay for their cell phones. They do not know how much something on their cell phone costs and are less wary of the consequences.
This is all perfectly legal: the person who sends the short code message is effectively signing up for a service which can send them messages until the recipient of these services sends a voluntary stop all messages, at which point the computer will remove your number from the mailing list. Like all great scams, this can occur because of two things. The first is volume. Even if one in a thousand cell phone users takes on a premium service, that is still a serious number. There are roughly three billion active cell phones on earth. That would mean three million users per day, some receiving multiple services. That would mean somewhere in the range of 4.5 million dollars being made by these short code companies every day. There is very little over head needed since the services are all automated.
The second major threat is consumer apathy. Most people will not dispute the charges with their carrier once the service has been stopped. Most carriers cannot block the messages and it is up to the users themselves. It is not uncommon that in order to cancel the service you need to actually track down the short code on the internet, exposing yourself to pop-ups to find a 1-800 number to discontinue the service. No one cares about this kind of thing; most people do not even realize this exists. Short code companies are not administered by any federal telecommunication agency, Instead they are administered by privately owned lobby groups.
Now, consider the previous information about cell phone spam. Then consider that we are entering the new generation of cell phones. GSM networks and wi-fi hot spots now allow for fully functional mobile internet capable phones. The iPhone, Blackberries, and the Samsung Omnia are perfect examples. These new phones are marketed as allowing full access to internet. The potential for spamming these phones is incredibly high but there are no services at the moment set to protect them. Outside of using regular windows based anti-spam software there is no direct means of protecting the hardware itself.
These new phones are tiny portable computers. Zombie machines are compromised systems that allow for spammers to use that computer to send out email spam while reducing their overall bandwidth. Upload fees are the same as download fees for cell phones. The cost is about five cents per kb. Over half of the world’s spam is sent from zombie machines. Now if one of these iPhones is compromised, that means it is a mobile spammer that will be charged for every email sent. If the phone is sending a few hundred emails per day, while not on an unlimited plan, then you could be wracking massive charges for data usage. $1.50 charges would be seen as the good old days.
Every time a new anti-hacker or anti-spammer system is released (e.g. Network Intrusion Prevention System a.k.a NIPS) within a few days a way around it is found. Remember counterfeit proof money? Again, within a week there was a new means of counterfeiting. The technology is evolving so rapidly that the defense systems for them are outdated before the products are released. Making many new technologies open to attack while the safeguards are still being developed and then must be re-engineered to take into account the new tactics used by the hackers. It is a constant uphill battle that anti-spammers must face especially when considering the rate at which new devices are being released.
One last point: Xbox 360s and Playstation 3s all can be used as computers with simple modification. Both these devices are internet capable for online play. Any online device is open prey to viruses, Trojans, zombies and hackers. What is being done to protect these devices? Network barriers are there from NIPS but does only go so far and offer little real protection. So not much - remember that next time you’re playing Halo 3.
Image courtesy of Mike Kline |
