Telecommunications networks provide radio telecommunication to users of mobile devices, typically according to agreed and standardised radio protocols, for example GSM, UTMS and LTE as would be known by the skilled person.
Mobile telecommunications devices are common and include mobile phones and in particular smartphones, tablet devices and other handheld computer devices, handheld personal assistants, and even communication devices situated in vehicles. All can provide users with telecommunication with each other and with access to the internet while moving around.
Access to the internet exposes devices to malware and malicious applications that may be downloaded, accidentally or otherwise, onto the mobile device from the internet. Typically, and often because of their smaller size and memory capacity, mobile telecommunications devices do not contain security features which are as stringent as those available for desk computers and other large devices with internet access. As such, these smaller mobile telecommunications devices are vulnerable to infection and attack by malware and malicious applications, which will typically infect the application processor of a mobile device. But because mobile telecommunications devices are also typically in direct contact with a radio telecommunications network the telecommunications network itself is vulnerable to attack from any malware or malicious applications residing on the mobile devices.
Previous methods to protect a telecommunications network from mobile device behaviour have sometimes focused on non-malicious device behaviour, such as congestion. For example, EP 2 096 884 describes a method of allowing access to a network by a device and describes use of a back off timer when the network is congested. Previous methods have also focused on methods which are applied entirely within the mobile handset itself. For example, “Taming Mr Hayes: Mitigating signaling based attacks on smartphones”, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), 2012, dsn, pp. 1-12, Collin Mulliner, Steffen Liebergeld, Matthias Lange, Jean-Pierre Seifert, describes a method of protecting a network from actions of a mobile phone by controlling the mobile phone from within. A method is proposed to detect aberrant or malicious behaviour from within the application processor of the mobile phone itself using a virtual partition of the application processor.
A disadvantage of this method is that the subsequent control of the phone, after malicious behaviour has been detected and according to the method described, is directed from inside the mobile device itself. But if the mobile device has been infected with malware there can be no real certainty that either the detection method or the subsequent control of device behaviour can be trusted. In operation of the method an infected mobile phone polices itself but the telecommunications network with which the phone is attached cannot be sure that the mobile phone can be trusted.
Similarly, US 2006/0288407 describes a method to perform detection on a mobile handset and therefore has a similar disadvantage.
Nevertheless, it is a problem to defend the network against attacks from a mobile telecommunications device infected with malware or a malicious application.