Page 48 - Digital Financial Services security assurance framework
P. 48

b.  Data within the operator network is at risk due to   Mobile Subscriber allowing the attacker to have
               the lack of integrity protections employed within   access to confidential DFS information.
               these networks. Such information can be arbitrari-
               ly  modified  by an adversary  capable  of  gaining   8�  DFS operator - 3rd Party
               access to the network (e.g., through compromise
               of perimeter defences) or by a malicious insider.   a.  Data is subject to exposure if encryption is not
            c.  DFS providers who rely on the SIM as the secure   rigorously employed within and between provid-
               element and SIM/mobile numbers are used as the    er networks. Threats arise from information that
               financial account are likely to lose their accounts   is retrieved from outside the provider’s network
               during SIM recycling. Mobile operators who per-   perimeter (i.e., the external network), while the
               form periodic SIM recycling in which a mobile     insider threat exists within the network perimeter
               numbers are reallocated to new users if they have   (i.e., the internal network). Additionally, data can
               been dormant/inactive for a specified period on   be exposed if systems within the provider network
               the  GSM  network,  the  process  of  SIM  recycling   are infected with malware, which can be transmit-
               may create avenues for loss of access to a finan-  ted both over the network and through malicious
               cial account or its illicit transfers to another user.  peripheral devices attached to host systems (e.g.,
            d. Configurations and capacity limitations on the    malicious USB flash drives, or keyloggers installed
               MNO equipment could limit the service and avail-  in a keyboard). Such devices can exfiltrate data
               ability of digital financial services, limitations on   from the provider environment back to the adver-
               USSD session length could interrupt DFS transac-  sary.
               tions.                                          b.  An attacker who is able to gain access to external
            e.  The large expanse of the mobile operator’s net-  provider databases, e.g. through compromising
               work and physical infrastructure makes it suscepti-  software vulnerabilities, has the ability to tamper
               ble to access compromise through planting rogue   with financial data and sensitive provider informa-
               devices that can enable unauthorised remote       tion. In particular, the interfaces between networks
               access,  the  interconnectedness  of  the  DFS  eco-  provide a potential point of entry for an adversary
               system may allow one with rogue access to access   and must be closely monitored. Additionally, data
               beyond the MNO to the different stakeholders.     at rest is only as secure as the protections put in
            f.  Air interface and MSC interceptions: The MSC has   place on the hosts and servers storing this infor-
               capabilities that allow for lawful interception, priv-  mation.
               ileged access to the MSC means one can intercept   c.  A DFS server on which security updates are not
               communication, this access could be misused for   rigorously updated can be victimized by malware
               fraudulent financial gains by monitoring or deny-  and rootkits. All machines facing a public network
               ing DFS activity.                                 interface are potentially subject to network-based
            g. Denial of service attacks on Mobile networks,     exploit, including “zero-day” attacks that have
               this risk is increased by the fact that the opera-  never previously been seen. Systems can also be
               tors nodes like the MSC gateways connect to oth-  compromised through other I/O interfaces such
               er network operators using IP, this increases risk   as CD/DVD drives, USB ports, and other peripher-
               for flooding and resource attacks which usually   al interfaces where devices can potentially inject
               increase the amount of incoming traffic and can   malicious code and data.
               overload the IP stack and node processors, which   d. Inadequacy  in  DFS  operating system  hardening
               will force the node to either stop or restart directly   like default access and password settings, active
               affecting availability.                           non-essential  services,  active  insecure  protocol
            h.  Call re-routing and forwarding; An external attack-  like telnet and ftp, file access permissions, default
               er could gain access or one with access to the    network configurations, and user rights like who is
               Network equipment could  reroute  DFS  commu-     allowed to perform a shutdown.
               nication to another number, this could be done   e.  Uncontrolled access to external boot devices such
               through changing the Home location profile of the   as CD, DVD and USB, open access to BIOS without
                                                                 a password are attack surfaces to the DFS system.









           46    Digital Financial Services Security Assurance Framework
   43   44   45   46   47   48   49   50   51   52