Jasper is now part of Cisco

Learn More

Privacy Statement has been updated. Read statement

About Cisco

Jasper is now part of Cisco

Learn More

About Cisco

Privacy Statement has been updated. Read statement

Protect your IoT business with Control Center SMS whitelisting

SMS-Whitelisting-Protection-Desktop-Listing
SMS-Whitelisting-Protection-Mobile-Main
SMS-Whitelisting-Protection-Mobile-Listing
July 11, 2017

by

Kailash Kothari

With increasing adoption of IoT, businesses are transforming their products into services, moving beyond one-time sales to ongoing customer engagement that drives recurring revenue. While IoT opens up unlimited growth potential, these connected ecosystems also open up vulnerabilities that are being exploited for malicious misuse.

While there’s no single answer for all of the threats, Cisco Jasper is addressing the challenge with an innovative security solution for situations where SMS services may be used to exploit weaknesses in IoT devices and applications. In the Control Center automated connectivity management platform, SMS whitelisting functionality deepens security for both application access and device lifecycle management.

The threat

Let’s start with understanding the risks. As consumers, we’re used to exchanging text messages as a benign experience, only now and then interrupted by an unsolicited SMS. IoT devices, however, can process a whole other breed of SMS messages. AT commands can be used to query anything from the signal strength to the registered network to IMEI (device identifier) and IMSI (SIM identifier used by the network) for the device. At the surface, these may sound only marginally harmful, but things can get murky very quickly.

If IoT devices (and the applications running on them) are not programmed correctly and securely, data can be downloaded and malicious code can be executed on the device. A compromised device can in turn be used to attack other devices (like the famous DDOS attack of last year, although that didn’t rely on SMS service). While this possibility has existed for a long time, there is an increased risk of malicious attacks as IoT is adopted by the masses. Almost anyone with a hundred bucks or so could buy a module, program applications, and quickly deploy an IoT-enabled device that could be used for fraud.

The Cisco Jasper solution

Further strengthening the multi-layered security of Cisco Jasper Control Center, SMS whitelisting is the first-of-its-kind in the IoT industry. Enterprises can configure an MO (outgoing) and/or MT (incoming) whitelist of short codes and phone numbers (MSISDNs) for their account – typically short codes of trusted backend applications and phone numbers of trusted technicians. This capability ensures that all devices in the enterprise account send and receive messages only to authorized entities on the whitelist.

Configuring your MO and / or MT whitelist

Configuring your MO and/or MT whitelist

 

The MO whitelist controls outbound messages, i.e., which short codes can send messages from an enterprise device. The MT whitelist controls inbound messages, that is, short codes that can send messages to enterprise devices. 

Behind the scenes, we automatically configure system short codes for you, to ensure messages from these short codes will never be blocked. These are trusted short codes used by Control Center or your applications, and have been jointly configured for use.

Viewing system short codes

Viewing system short codes

 

You can also audit changes made in the recent past using the Audit Trail user interface.

Viewing the audit trail

Viewing the audit trail

 

Behind the scenes

Control Center’s tight integration with service provider network systems makes our platform uniquely positioned to support real-time whitelisting of SMS traffic as it flows through the network.

Conceptually, the SMSC (operator infrastructure component responsible for SMS delivery) taps into a whitelist application that gives the SMSC a Yes/No answer on whether or not a particular SMS should go through. The application knows the logic to be executed using information provisioned by Control Center, based on device and enterprise account information and the configured whitelist.

 

Solution overview

Solution overview

 

As IoT continues to evolve, so will security needs. Protecting your business with informed strategies and solutions helps you maximize the benefits of your IoT deployment, while plugging any security vulnerabilities. SMS whitelisting is one powerful way to take control of your IoT business. 

Check out more IoT best practices, and subscribe to our blog to catch all the latest insights.

Note: Availability of SMS whitelisting depends on the nature of your service provider’s network integration with the Cisco Jasper platform. We may need an implementation project beyond the core functionality outlined above to deploy this feature for your instance of Control Center. There may be a price associated with adding this capability. To learn more, talk with your Cisco Jasper sales representative or request a call.

Post a comment

Comments

2 months ago
Comment:
It is a wonderful concept truely explained in a simple language for such a complex subject

Post a Comment:

Subscribe

By email

Follow Us