A group of researchers from the University of Michigan and Microsoft Research released a paper titled “An Untold Story of Middleboxes in Cellular Networks,” in which they reveal why and how cellular service is both sub-optimal and insecure.
How did they do it? They developed a tool called NetPiculet, which uses intelligent measurement to probe middlebox policies in cellular networks, focusing on firewalls and NAT boxes, and released it into the wild in the form of an Android app. In addition to earning 50 points for coming up with a creative and effective way of gathering data from geographically diverse cellular networks, the team was rewarded with nearly 400 de facto data-gatherers who collected information on 107 cellular carriers worldwide.
[Figure: Physical view of the NetPiculet system]
Apparently, the data gathering was a success. According to the paper:
By running NetPiculet in the major U.S. cellular providers as well as deploying it as a smartphone application in the wild in more than 100 cellular ISPs, we identified the key NAT and firewall policies which have direct implications on performance, energy, and security.
What their research found isn’t reassuring. Among the findings, the way networks handle TCP connections can lead to wasted energy on mobile devices; a few networks have vulnerabilities that allow IP spoofing; one major U.S. ISP has a vulnerability that allows blind data injection attacks; one major U.S. carrier severely cuts into network performance because it does deep packet inspection on out-of-order TCP packets; and some firewalls have a vulnerability that allows a hacker to continue an attack on a victim even after the target has closed the connection.
(Of note: The paper doesn’t mention any carriers by name, instead referring to them as, for example, “Carrier A” and “Carrier B”.)
In a nutshell, the problems appear to stem largely from the old “left hand doesn’t know what the right is doing” conundrum. In this case the left hand is the service provider and the right is app developers. The paper spells it out clearly:
Today, cellular network middleboxes and mobile applications are independently managed by two groups of entities: cellular operators (e.g., AT&T, T-Mobile) and application developers. The latter group is often unaware of the middlebox policies enforced by operators while the former has limited knowledge about the application behavior and requirements.
The researchers believe that their current and future findings, together with widespread use of the NetPiculet tool, can help application developers better understand how to get their products to work best with networks, and can help carriers discover and address network problems and vulnerabilities. And although the findings are somewhat disconcerting, the researchers acknowledge that the bad policies aren’t particularly widespread.
“An Untold Story of Middleboxes in Cellular Networks” has some juicy stuff in it; although it’s told in the most academic manner possible, the paper is worth a read.