Killer SMS Demonstrated
Daniel Bailey in Business on December 28

Killer SMS Demonstrated | ConceivablyTech

Tags: security, smartphone

There have been rumors that malicious SMS messages could damage cell phones or even explode devices, which have been largely dismissed as coincidences or false reports. However, two scientists from Technical University in Berlin, Germany, have found that attacks on cellphones via SMS are possible and may even threaten the entire infrastructure of a carrier.

Collin Mulliner and Nico Golde disclosed the information in their talk at the hacking conference 27C3, which currently takes place in Berlin. The vulnerabilities do not affect smartphones, but traditional feature phones which typically use a much simpler application structure and crash as soon as an application is crashed. The two scientists used this approach and flooded several cellphone models with 120,000 text messages, some with attachments such digital business cards, in an isolated network, according to a report published on German website heise.de.

While market researchers believe that half a billion smartphones will be sold this year, there are more than 4 billion simple phones in the world and are potentially exposed to an exposed SMS attack.

According to the report, the Nokia 540 reacted with a “white screen of death” and forced a restart of the device and shut down the device entirely after the third attack. Samsung devices apparently are vulnerable to SMS messages that are separated into multiple parts. Buffer overflow attacks especially affect LG phones and one phone was put into a permanent offline state. Depending on the number of SMS messages sent, an attacker could prevent individual users from being reachable. If thousands of users are attacked at the same time, an entire network could be in trouble, if they all try to sign on at the same time again, Mulliner and Golde said.

Both researchers criticized that there are not enough contacts at manufacturers to report vulnerabilities and the delivery of patches to users is too complicated.

__________________
"Patriotism means being loyal to your country all the time and to its government when it deserves it."-- Mark Twain

"Inter arma silent Musae"--when the weapons speak, the muses fall silent.

An't nanum hearm deth, doth hwaet ye willath.

It is forbidden to kill; therefore all murderers are punished
unless they kill in large numbers and to the sound of trumpets. -Voltaire

Economic Left/Right: -3.88
Authoritarian/Libertarian: -4.36

okay a few years ago we bought this machine at church that calls people and gives them messages.....announcing things like illnesses or changes in meeting times.....
it takes a minimum of one minute to make a connection between two phones automatically...now I assume there are more efficient systems out there but the point remains.....you need an expensive and sophisticated system to target and damage even one phone.....what risk does this pose to an entire city full of phones.......

__________________
....attached to sanity by a bungee cord.....

You can send SMS messages from a personal computer. I use that for system notifications of various sorts, plus it's free.

According to the article if enough messages are sent to a phone at one time the phone will die.

So automated SMS plus online phone book = potential Denial of Service attack.

F

__________________
"Patriotism means being loyal to your country all the time and to its government when it deserves it."-- Mark Twain

"Inter arma silent Musae"--when the weapons speak, the muses fall silent.

An't nanum hearm deth, doth hwaet ye willath.

It is forbidden to kill; therefore all murderers are punished
unless they kill in large numbers and to the sound of trumpets. -Voltaire

Economic Left/Right: -3.88
Authoritarian/Libertarian: -4.36

so, how many personal computers do you have to have in operation to kill one cell phone with denial of service?......

__________________
....attached to sanity by a bungee cord.....

Depends on how many messages are needed to kill the phone. The article says they sent 120,000, but if it only needs 10,000 my ordinary PC could do that in 10-15 minutes or so.

F

__________________
"Patriotism means being loyal to your country all the time and to its government when it deserves it."-- Mark Twain

"Inter arma silent Musae"--when the weapons speak, the muses fall silent.

An't nanum hearm deth, doth hwaet ye willath.

It is forbidden to kill; therefore all murderers are punished
unless they kill in large numbers and to the sound of trumpets. -Voltaire

Economic Left/Right: -3.88
Authoritarian/Libertarian: -4.36

Originally Posted by FredFredson

Depends on how many messages are needed to kill the phone. The article says they sent 120,000, but if it only needs 10,000 my ordinary PC could do that in 10-15 minutes or so. F

so in order to kill one cell phone every ten minutes they need from one to twelve PCs.......I don't think there is a serious threat of terrorists using this method to deprive the world of cell phones........

__________________
....attached to sanity by a bungee cord.....

Quote:

so in order to kill one cell phone every ten minutes they need from one to twelve PCs

A smallish spam botnet (100,000 + machines) could pretty much do this in a day. A large botnet (500,000 to 1 MILLION infected machines) could do it in seconds. Currently these botnets mostly send spam emails at the rate of millions of messages A DAY. Simply have them send SMS instead to targeted cellphone systems. The attack systems are already in place for this one.

The Wikileaks DDOS attacks which shook MC and Paypal were pretty close to this scale of activity.

F

__________________
"Patriotism means being loyal to your country all the time and to its government when it deserves it."-- Mark Twain

"Inter arma silent Musae"--when the weapons speak, the muses fall silent.

An't nanum hearm deth, doth hwaet ye willath.

It is forbidden to kill; therefore all murderers are punished
unless they kill in large numbers and to the sound of trumpets. -Voltaire

Economic Left/Right: -3.88
Authoritarian/Libertarian: -4.36