Skip to main content

SMS Messages Can Kill Mobile Phones

The attack discussed at the 27C3 conference resemble the nature of a denial of service attack with a huge number of messages being sent of cell phones. In this specific case, Collin Mulliner and Nico Golde of the Technical University of Berlin tested cell phones in an isolated environment and shot 120,000 messages at them. The phones tested were simple feature phones (as opposed to smartphones such as the iPhone or Android devices) with just one processors as their operating systems usually shut down when just one application crashes. It is estimated that there are currently more than 4.6 billion feature phones in use today.

German website heise.de reports that Nokia's 540 struck out with a “white screen of death”, forced a restart and shut down completely after the third attack. Samsung phones shut down when they were flooded with SMS messages that were separated into multiple parts, LG phones were vulnerable to buffer overflow attacks and one unnamed device was put into a permanent offline state.

According to Mulliner and Golde, such SMS attacks could be used to prevent individual users from being reachable. They could be used to shut down an entire network when tens of thousands of attacked devices are trying to log on to a carrier network. The researchers noted that it was difficult to reach cell phone manufacturers to report software flaws and that the general delivery method for patches should be improved.

  • N.Broekhuijsen
    Yes, thats all great, but NO mobile phone network is going to be capable of actually processing so many messages at once. The network is WAAAY sooner to crash probably then the mobile phones!

    There is only so much data that can go through the air. They did this under "Isolated circumstances", probably with an entire network dedicated to 1 phone or so, not a couple thousand phones.

    Interesting, but not surprising.
    Reply
  • igot1forya
    This reminds me of the days when you could kill an AOL Dial-Up session by flooding the an other user with IM requests... ;)
    Reply
  • f-14
    much better then one of marcus yams articles, thanks for the heads up
    Reply
  • dark_lord69
    Huh... So a program setup to automatically send hundreds of SMS texts could disable a basic phone.. OR if you specified multiple recipients many phones...

    Sounds like mail bombing only with SMS texts and it results a phone that needs to be rebooted.
    Reply
  • dredg98
    android has a app for sms bombing should be taken off the Market
    Reply
  • dark_lord69
    xbeaterYes, thats all great, but NO mobile phone network is going to be capable of actually processing so many messages at once. The network is WAAAY sooner to crash probably then the mobile phones!There is only so much data that can go through the air. They did this under "Isolated circumstances", probably with an entire network dedicated to 1 phone or so, not a couple thousand phones.Interesting, but not surprising.I don't think so. Do you know how small an of an amount of data a txt represents?
    A single text is about 160 bytes of data. If you sent 100,000 texts it would equal 16,000,000 or 16MB. 16MB isn't jack sh*t. When you watch a movie on netflix the incoming data would be about 400MB - 600MB (or more) depending on the quality of the video. Movies streamed on a playstation are up to and over 1,600MB which would be 100,000,000 texts. YOU CANNOT CRASH A NETWORK BY SENDING TEXTS. Network capabilities go FAR beyond the tiny amount of data that is sent within a text.
    Reply
  • hellwig
    Igot1foryaThis reminds me of the days when you could kill an AOL Dial-Up session by flooding the an other user with IM requests...Yeah, I remember the wedge. If a chatroom you wanted to be on was full, you could wedge someone off the network to get in. Real jerk move, but then, people tend to be that way.

    dredg98android has a app for sms bombing should be taken off the MarketImagine the financial damage you could do to someone if they didn't have a messaging plan. Of course, hopefully they could track it back to the attacker and sue the crap out of them for any damages.

    dark_lord69I don't think so. Do you know how small an of an amount of data a txt represents?A single text is about 160 bytes of data. If you sent 100,000 texts it would equal 16,000,000 or 16MB. 16MB isn't jack sh*t. When you watch a movie on netflix the incoming data would be about 400MB - 600MB (or more) depending on the quality of the video. Movies streamed on a playstation are up to and over 1,600MB which would be 100,000,000 texts. YOU CANNOT CRASH A NETWORK BY SENDING TEXTS. Network capabilities go FAR beyond the tiny amount of data that is sent within a text.You aren't thinking in the proper terms. Its not the amount of data, its the amount of requests. DDOS attacks don't work because they flood servers with gigabytes of data, they work because they flood servers with millions of simple requests. It is the processing required to handle all of those requests that bring websites down, and its that same processing that would bring-down a cell network long before a cell-phone. You couldn't run an SMS botnet to attack a particular cell-phone, the cell network would never be able to handle processing all those messages and routing them to their destination. It would serve, however, to bring down the network which is probably the primary goal anyway.
    Reply
  • dkant1n
    Really interesting. I'm surprised that networks dont have protections against this kind of "attacks"
    Reply
  • mikem_90
    dkant1nReally interesting. I'm surprised that networks dont have protections against this kind of "attacks"
    Development time and business. Why spend 2-4 times the development time to make something you could spend the normal time and then upgrade it later as a 'feature' and maybe wring some money out of congress to Upgrade your infrastructure?
    Reply
  • joebob2000
    dark_lord69I don't think so. Do you know how small an of an amount of data a txt represents?A single text is about 160 bytes of data. If you sent 100,000 texts it would equal 16,000,000 or 16MB. 16MB isn't jack sh*t. When you watch a movie on netflix the incoming data would be about 400MB - 600MB (or more) depending on the quality of the video. Movies streamed on a playstation are up to and over 1,600MB which would be 100,000,000 texts. YOU CANNOT CRASH A NETWORK BY SENDING TEXTS. Network capabilities go FAR beyond the tiny amount of data that is sent within a text.
    -1, Dumb. Do you get that SMS operates on a special channel in the cell phone system, a channel that has a much slower base speed? And on that channel, the timeslices for SMS messages to be executed are not infinite? It is very possible to saturate the SMS pathway with a relatively small number (100,000) of messages.

    But you are on the right track. Cell providers need to abandon public SMS use in favor of IP based solutions that DO scale with network bandwidth. Now if only the providers didn't stand to lose millions in SMS fees each year by doing such a thing...
    Reply