Identifying Account Association with Assistance from Mobile Networks using Cross-Service Attacks

In this paper, we draw attention to the problem of cross-service attacks, that is, attacks that exploit information collected about users from one service to launch an attack on the same users on another service. With the increased deployment and use of what fundamentally are integrated-services networks, such as 4G/LTE networks and now 5G, we expect that cross-service attacks will become easier to stage and therefore more prevalent. As running example to illustrate the effectiveness and the potential impact of cross-service attacks we will use the problem of account association in 4G/LTE networks. Account association attacks aim at determining whether a target mobile phone number is associated with a particular online account. The the case of 4G/LTE, the adversary launches the account association attacks by sending SMS messages to the target phone number and analyzing patterns in traffic related to the online account. We evaluate the proposed attacks in both a local 4G/LTE testbed and a major commercial 4G/LTE network. Our extensive experiments show that the proposed attacks can successfully identify account association with close-to-zero false negative and false positive rates. Our experiments also illustrate that the proposed attacks can be launched in a way that the victim receives no indication of being under attack.