You may not think much of SMS messages hitting your phone every day, but two researchers revealed earlier today at a hacking conference in Berlin, Germany, that SMS could be used to attack and shut down individual cell phones or an entire carrier network.
The attack discussed at the 27C3 conference resemble the nature of a denial of service attack with a huge number of messages being sent of cell phones. In this specific case, Collin Mulliner and Nico Golde of the Technical University of Berlin tested cell phones in an isolated environment and shot 120,000 messages at them. The phones tested were simple feature phones (as opposed to smartphones such as the iPhone or Android devices) with just one processors as their operating systems usually shut down when just one application crashes. It is estimated that there are currently more than 4.6 billion feature phones in use today.
German website heise.de reports that Nokia's 540 struck out with a “white screen of death”, forced a restart and shut down completely after the third attack. Samsung phones shut down when they were flooded with SMS messages that were separated into multiple parts, LG phones were vulnerable to buffer overflow attacks and one unnamed device was put into a permanent offline state.
According to Mulliner and Golde, such SMS attacks could be used to prevent individual users from being reachable. They could be used to shut down an entire network when tens of thousands of attacked devices are trying to log on to a carrier network. The researchers noted that it was difficult to reach cell phone manufacturers to report software flaws and that the general delivery method for patches should be improved.
Yeah, I remember the wedge. If a chatroom you wanted to be on was full, you could wedge someone off the network to get in. Real jerk move, but then, people tend to be that way.
Imagine the financial damage you could do to someone if they didn't have a messaging plan. Of course, hopefully they could track it back to the attacker and sue the crap out of them for any damages.
You aren't thinking in the proper terms. Its not the amount of data, its the amount of requests. DDOS attacks don't work because they flood servers with gigabytes of data, they work because they flood servers with millions of simple requests. It is the processing required to handle all of those requests that bring websites down, and its that same processing that would bring-down a cell network long before a cell-phone. You couldn't run an SMS botnet to attack a particular cell-phone, the cell network would never be able to handle processing all those messages and routing them to their destination. It would serve, however, to bring down the network which is probably the primary goal anyway.
They were dumbphones used in the test. Not android, blackberry, or iPhones.
Also the hodling it wrong meme is older than cake.