Feeds

How to slay a cellphone with a single text

SMS of Death explained

Internet Security Threat Report 2014

Attacks that crash most older cellphones are frequently compounded by carrier networks that send booby-trapped text messages to the target handset over and over. In other cases, they're aided by a “watchdog” feature embedded in the phone, which takes it offline after receiving just three of the malformed messages.

The so-called SMS of death attacks were unveiled late last year at a hacker conference in Berlin. They use special binary characters and overflowed headers to temporarily crash most older models made by manufacturers including Nokia, Samsung, Sony Ericsson, LG, Motorola, and Micromax. Carrier networks often aggravate the attacks by bombarding the target with the same malicious message, making them an inexpensive way to take a phone completely offline.

“With this bug, you can basically shut down a phone with one SMS and let the network do the retransmission all the time,” Collin Mulliner, a Ph.D. candidate at the Berlin Institute of Technology, told The Reg recently. “For very cheap, you can have the network attack the phone for you.”

The retransmission happens as a result of the way most carrier networks are designed. When they send SMS, or short message service, texts, they cache the message until the phone responds with an acknowledgment indicating it has been properly received. If the answer isn't transmitted, the network will resend the message for hours or days at a time, disabling the phone in the process.

Even in cases when the messages aren't resent, Nokia phones come equipped with a feature dubbed the Watchdog, which is designed to protect a phone by shutting it down after receiving three malformed messages. The SMS causes the Nokia screen to go white and then reboots the phone, causing it to disconnect from the network. Sending the message while a call is in progress will terminate the conversation.

Sending the message three times in close succession invokes the Watchdog to shut down the device. The bug affects virtually all feature phones shipped by Nokia prior to 2010, said Mulliner, who presented updated findings earlier this month at the CanSecWest security conference along with Nico Golde, a Berlin Institute of Technology student who worked on the project for his Master's thesis.

The SMS used to crash Nokia phones was described as an 8-bit class 0 (Flash SMS) with certain TP-UD payload. Messages with different specifications can be used to take out handsets made by other manufacturers.

Feature phones may have lost much of their cachet to smartphones over the past few years, but they are still relied upon by almost 80 percent of the world's mobile phone users, the researchers said.

The attacks could be used in targeted attacks against social enemies and business rivals, but the researchers say there's also the potential for the vulnerabilities to be exploited in a more widespread fashion by using bulk SMS services, smartphone-based botnets, or SS7, a series of telephony signaling protocols the researchers said are becoming increasingly accessible to companies and individuals.

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.