Feeds

How to slay a cellphone with a single text

SMS of Death explained

Build a business case: developing custom apps

Attacks that crash most older cellphones are frequently compounded by carrier networks that send booby-trapped text messages to the target handset over and over. In other cases, they're aided by a “watchdog” feature embedded in the phone, which takes it offline after receiving just three of the malformed messages.

The so-called SMS of death attacks were unveiled late last year at a hacker conference in Berlin. They use special binary characters and overflowed headers to temporarily crash most older models made by manufacturers including Nokia, Samsung, Sony Ericsson, LG, Motorola, and Micromax. Carrier networks often aggravate the attacks by bombarding the target with the same malicious message, making them an inexpensive way to take a phone completely offline.

“With this bug, you can basically shut down a phone with one SMS and let the network do the retransmission all the time,” Collin Mulliner, a Ph.D. candidate at the Berlin Institute of Technology, told The Reg recently. “For very cheap, you can have the network attack the phone for you.”

The retransmission happens as a result of the way most carrier networks are designed. When they send SMS, or short message service, texts, they cache the message until the phone responds with an acknowledgment indicating it has been properly received. If the answer isn't transmitted, the network will resend the message for hours or days at a time, disabling the phone in the process.

Even in cases when the messages aren't resent, Nokia phones come equipped with a feature dubbed the Watchdog, which is designed to protect a phone by shutting it down after receiving three malformed messages. The SMS causes the Nokia screen to go white and then reboots the phone, causing it to disconnect from the network. Sending the message while a call is in progress will terminate the conversation.

Sending the message three times in close succession invokes the Watchdog to shut down the device. The bug affects virtually all feature phones shipped by Nokia prior to 2010, said Mulliner, who presented updated findings earlier this month at the CanSecWest security conference along with Nico Golde, a Berlin Institute of Technology student who worked on the project for his Master's thesis.

The SMS used to crash Nokia phones was described as an 8-bit class 0 (Flash SMS) with certain TP-UD payload. Messages with different specifications can be used to take out handsets made by other manufacturers.

Feature phones may have lost much of their cachet to smartphones over the past few years, but they are still relied upon by almost 80 percent of the world's mobile phone users, the researchers said.

The attacks could be used in targeted attacks against social enemies and business rivals, but the researchers say there's also the potential for the vulnerabilities to be exploited in a more widespread fashion by using bulk SMS services, smartphone-based botnets, or SS7, a series of telephony signaling protocols the researchers said are becoming increasingly accessible to companies and individuals.

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Know what Ferguson city needs right now? It's not Anonymous doxing random people
U-turn on vow to identify killer cop after fingering wrong bloke
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.