Feeds

How to slay a cellphone with a single text

SMS of Death explained

Beginner's guide to SSL certificates

Attacks that crash most older cellphones are frequently compounded by carrier networks that send booby-trapped text messages to the target handset over and over. In other cases, they're aided by a “watchdog” feature embedded in the phone, which takes it offline after receiving just three of the malformed messages.

The so-called SMS of death attacks were unveiled late last year at a hacker conference in Berlin. They use special binary characters and overflowed headers to temporarily crash most older models made by manufacturers including Nokia, Samsung, Sony Ericsson, LG, Motorola, and Micromax. Carrier networks often aggravate the attacks by bombarding the target with the same malicious message, making them an inexpensive way to take a phone completely offline.

“With this bug, you can basically shut down a phone with one SMS and let the network do the retransmission all the time,” Collin Mulliner, a Ph.D. candidate at the Berlin Institute of Technology, told The Reg recently. “For very cheap, you can have the network attack the phone for you.”

The retransmission happens as a result of the way most carrier networks are designed. When they send SMS, or short message service, texts, they cache the message until the phone responds with an acknowledgment indicating it has been properly received. If the answer isn't transmitted, the network will resend the message for hours or days at a time, disabling the phone in the process.

Even in cases when the messages aren't resent, Nokia phones come equipped with a feature dubbed the Watchdog, which is designed to protect a phone by shutting it down after receiving three malformed messages. The SMS causes the Nokia screen to go white and then reboots the phone, causing it to disconnect from the network. Sending the message while a call is in progress will terminate the conversation.

Sending the message three times in close succession invokes the Watchdog to shut down the device. The bug affects virtually all feature phones shipped by Nokia prior to 2010, said Mulliner, who presented updated findings earlier this month at the CanSecWest security conference along with Nico Golde, a Berlin Institute of Technology student who worked on the project for his Master's thesis.

The SMS used to crash Nokia phones was described as an 8-bit class 0 (Flash SMS) with certain TP-UD payload. Messages with different specifications can be used to take out handsets made by other manufacturers.

Feature phones may have lost much of their cachet to smartphones over the past few years, but they are still relied upon by almost 80 percent of the world's mobile phone users, the researchers said.

The attacks could be used in targeted attacks against social enemies and business rivals, but the researchers say there's also the potential for the vulnerabilities to be exploited in a more widespread fashion by using bulk SMS services, smartphone-based botnets, or SS7, a series of telephony signaling protocols the researchers said are becoming increasingly accessible to companies and individuals.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.