Feeds

How to slay a cellphone with a single text

SMS of Death explained

5 things you didn’t know about cloud backup

Attacks that crash most older cellphones are frequently compounded by carrier networks that send booby-trapped text messages to the target handset over and over. In other cases, they're aided by a “watchdog” feature embedded in the phone, which takes it offline after receiving just three of the malformed messages.

The so-called SMS of death attacks were unveiled late last year at a hacker conference in Berlin. They use special binary characters and overflowed headers to temporarily crash most older models made by manufacturers including Nokia, Samsung, Sony Ericsson, LG, Motorola, and Micromax. Carrier networks often aggravate the attacks by bombarding the target with the same malicious message, making them an inexpensive way to take a phone completely offline.

“With this bug, you can basically shut down a phone with one SMS and let the network do the retransmission all the time,” Collin Mulliner, a Ph.D. candidate at the Berlin Institute of Technology, told The Reg recently. “For very cheap, you can have the network attack the phone for you.”

The retransmission happens as a result of the way most carrier networks are designed. When they send SMS, or short message service, texts, they cache the message until the phone responds with an acknowledgment indicating it has been properly received. If the answer isn't transmitted, the network will resend the message for hours or days at a time, disabling the phone in the process.

Even in cases when the messages aren't resent, Nokia phones come equipped with a feature dubbed the Watchdog, which is designed to protect a phone by shutting it down after receiving three malformed messages. The SMS causes the Nokia screen to go white and then reboots the phone, causing it to disconnect from the network. Sending the message while a call is in progress will terminate the conversation.

Sending the message three times in close succession invokes the Watchdog to shut down the device. The bug affects virtually all feature phones shipped by Nokia prior to 2010, said Mulliner, who presented updated findings earlier this month at the CanSecWest security conference along with Nico Golde, a Berlin Institute of Technology student who worked on the project for his Master's thesis.

The SMS used to crash Nokia phones was described as an 8-bit class 0 (Flash SMS) with certain TP-UD payload. Messages with different specifications can be used to take out handsets made by other manufacturers.

Feature phones may have lost much of their cachet to smartphones over the past few years, but they are still relied upon by almost 80 percent of the world's mobile phone users, the researchers said.

The attacks could be used in targeted attacks against social enemies and business rivals, but the researchers say there's also the potential for the vulnerabilities to be exploited in a more widespread fashion by using bulk SMS services, smartphone-based botnets, or SS7, a series of telephony signaling protocols the researchers said are becoming increasingly accessible to companies and individuals.

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.