How to crash a phone by SMS
Broken message, frozen phone
Black Hat Europe So now you can send an SMS and crash a mobile phone, so that the user is locked out.
Job de Haas, a security researcher at ITSX, has adapted a program called sms_client, which sends an SMS message from an Internet-connected PC, in which the User Data Header is broken.
During a presentation during the Black Hat conference last week, he demonstrated how a malformed message crashes a Nokia 6210 phone on its receipt. Once the message is received it is impossible to turn on an infected phone again.
The vulnerability is tied to the software used by a phone. The flaw affects Nokia 6210, 3310 and 3330 phones, de Haas has discovered, but not a Siemens phone he tried. Phones from other manufacturers are yet to be tested.
To fix the problem users have to put a SIM card into a phone without the bug. Alternatively if the SMS message is registered in a user's In-box this could be deleted with a SMS management tool on a PC.
To repeat the exploit requires knowledge of SS7 signalling and telco protocols to adapt sms_client into an attack tool. But given the power of the attack security through obscurity doesn't appeal. The kicker is that the modified sms_client makes it trivial to spoof the source of any attack.
Nokia told us that sending a message which freezes a phone is "something it encountered" before. The company is unfamiliar with the exploit uncovered by ITSX, which comes as a new twist even to clued-up Black Hat attendees. It promises to get us a more detailed technical response, and we'll update you when this becomes available. ®