Exposing Vulnerabilities in Mobile Networks: A Mobile Data Consumption Attack
This exposes a security flaw affecting smartphone users and carrier billing systems, with incremental implications for network security.
The paper identifies a vulnerability enabling attackers to covertly switch a victim's smartphone from Wi-Fi to cellular data during large file downloads, causing unauthorized data consumption; tests confirm feasibility and inaccuracies in mobile network data usage recording.
Smartphone carrier companies rely on mobile networks for keeping an accurate record of customer data usage for billing purposes. In this paper, we present a vulnerability that allows an attacker to force the victim's smartphone to consume data through the cellular network by starting the data download on the victim's cell phone without the victim's knowledge. The attack is based on switching the victim's smartphones from the Wi-Fi network to the cellular network while downloading a large data file. This attack has been implemented in real-life scenarios where the test's outcomes demonstrate that the attack is feasible and that mobile networks do not record customer data usage accurately.