One of the most effective attacks on computer networks and servers is a Denial of Service (DOS) attack or a Distributed Denial of Service (DDOS) attack. Although a mobile network itself is not specifically vulnerable to these kinds of attacks, the individual mobile phones connected to it are. With modern mobile devices, like smartphones, all kinds of software applications may be downloaded. When distributed effectively, malicious code may cause the individual mobile device to become (temporarily) useless.
One of these threats relates to malware, which is capable of changing a personalization application of a mobile device. The personalization application is commonly known by the name of SIM lock. A personalization application, which is described in ETSI TS 101624, uses an indicator, typically a flag, within the memory of the device for indicating that the device is either in a locked or an unlocked state. A lock application may lock a mobile device to different types of information associated with the mobile device, such as the SIM card in the mobile device, a service provider and/or the network.
When a locked mobile phone is switched on, the application retrieves the relevant information from the SIM and verifies that it corresponds to the lock conditions stored in the memory of the mobile device. Unlocking a mobile device requires a secret unlock code which is stored in a database or calculated by a secret algorithm, typically using the IMEI which is stored in the memory of the mobile device. However, as the unlocking algorithm is often disclosed by hackers and the IMEI code of the phone is not located in the protected memory of the phone, it may be quite easy to determine the unlocking code. Further, the memory of a mobile telephone may not be sufficiently protected, allowing direct modification of the locking flag without using the unlock code. Furthermore, once a mobile phone is unlocked, or if it was never locked for certain personalization categories in the first place (e.g. service provider or network), locking it, for example to a different SIM or a different network, can be done with a simple command; it does not require knowledge of a secret code. This holds for all categories for which the personalization flag is set to ‘off’.
Methods for controlling locking state transitions in a mobile terminal are known from US2008/227432 and GB2380356. These methods, however, do not describe ways of preventing malicious code from setting a mobile terminal back to its former locked state. It may thus be relatively easy to change the locking state of a mobile device, resulting in an effective DOS attack. If the distribution scale of the malicious code is large enough, which is relatively easy to achieve, a significant number of mobile devices could be taken out of operation, causing serious damage to users and mobile providers. Unlocking the devices then takes an extremely time-consuming effort with mandatory human interaction.
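The asymmetry described above can be made concrete with a small model, added here as an illustration and not taken from this document, the cited publications or ETSI TS 101624. All names, field sizes, codes and SIM values are constructed, and `lock_guarded` is an assumed guard shown only for contrast with the unguarded transition.

```c
#include <stdbool.h>
#include <string.h>
/* Toy model: category names, field sizes and all values are constructed. */
enum { CAT_NETWORK, CAT_SP, CAT_SIM, CAT_COUNT };
struct me_state {
    bool locked[CAT_COUNT];          /* personalization flag per category */
    char lock_value[CAT_COUNT][16];  /* value the SIM must report when locked */
    char unlock_code[CAT_COUNT][9];  /* secret guarding the transition */
};

/* Power-on check: every locked category must match what the SIM reports. */
bool power_on_check(const struct me_state *me, const char sim[CAT_COUNT][16]) {
    for (int c = 0; c < CAT_COUNT; c++)
        if (me->locked[c] && strcmp(me->lock_value[c], sim[c]) != 0)
            return false;            /* device refuses normal service */
    return true;
}
static bool code_ok(const struct me_state *me, int cat, const char *code) {
    return code != NULL && strcmp(me->unlock_code[cat], code) == 0;
}
/* locked -> unlocked: requires the secret code. */
bool unlock(struct me_state *me, int cat, const char *code) {
    if (!code_ok(me, cat, code)) return false;
    me->locked[cat] = false;
    return true;
}

/* unlocked -> locked as the text describes it: no secret is checked. */
bool lock_unguarded(struct me_state *me, int cat, const char *value) {
    if (me->locked[cat]) return false;
    strncpy(me->lock_value[cat], value, sizeof me->lock_value[cat] - 1);
    me->lock_value[cat][sizeof me->lock_value[cat] - 1] = '\0';
    me->locked[cat] = true;
    return true;
}

/* Assumed guard: the same code is required before the flag may be set. */
bool lock_guarded(struct me_state *me, int cat, const char *value, const char *code) {
    return code_ok(me, cat, code) && lock_unguarded(me, cat, value);
}

/* Owner unlocks; untrusted code then tries to lock to a foreign network. */
bool own_sim_accepted_after_attempt(bool guarded) {
    struct me_state me = { .locked = { true }, .lock_value = { "00101" },
                           .unlock_code = { "11112222", "33334444", "55556666" } };
    const char sim[CAT_COUNT][16] = { "00101", "sp-a", "sim-1" };
    if (!unlock(&me, CAT_NETWORK, "11112222")) return false;
    if (guarded) lock_guarded(&me, CAT_NETWORK, "99999", "00000000");
    else         lock_unguarded(&me, CAT_NETWORK, "99999");
    return power_on_check(&me, sim);
}
```

With the unguarded transition the owner's SIM is rejected at the next power-on, while the guarded variant leaves the flag unchanged because the caller does not know the code.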
Hence, there is a need in the art for methods and systems for controlling a transition from a current first locking state to a further second locking state, in particular the SIM locking state, of a mobile terminal.