The attack discussed at the 27C3 conference resemble the nature of a denial of service attack with a huge number of messages being sent of cell phones. In this specific case, Collin Mulliner and Nico Golde of the Technical University of Berlin tested cell phones in an isolated environment and shot 120,000 messages at them. The phones tested were simple feature phones (as opposed to smartphones such as the iPhone or Android devices) with just one processors as their operating systems usually shut down when just one application crashes. It is estimated that there are currently more than 4.6 billion feature phones in use today.
German website heise.de reports that Nokia's 540 struck out with a “white screen of death”, forced a restart and shut down completely after the third attack. Samsung phones shut down when they were flooded with SMS messages that were separated into multiple parts, LG phones were vulnerable to buffer overflow attacks and one unnamed device was put into a permanent offline state.
According to Mulliner and Golde, such SMS attacks could be used to prevent individual users from being reachable. They could be used to shut down an entire network when tens of thousands of attacked devices are trying to log on to a carrier network. The researchers noted that it was difficult to reach cell phone manufacturers to report software flaws and that the general delivery method for patches should be improved.
There is only so much data that can go through the air. They did this under "Isolated circumstances", probably with an entire network dedicated to 1 phone or so, not a couple thousand phones.
Interesting, but not surprising.
Sounds like mail bombing only with SMS texts and it results a phone that needs to be rebooted.
A single text is about 160 bytes of data. If you sent 100,000 texts it would equal 16,000,000 or 16MB. 16MB isn't jack sh*t. When you watch a movie on netflix the incoming data would be about 400MB - 600MB (or more) depending on the quality of the video. Movies streamed on a playstation are up to and over 1,600MB which would be 100,000,000 texts. YOU CANNOT CRASH A NETWORK BY SENDING TEXTS. Network capabilities go FAR beyond the tiny amount of data that is sent within a text.
dredg98android has a app for sms bombing should be taken off the MarketImagine the financial damage you could do to someone if they didn't have a messaging plan. Of course, hopefully they could track it back to the attacker and sue the crap out of them for any damages.
dark_lord69I don't think so. Do you know how small an of an amount of data a txt represents?A single text is about 160 bytes of data. If you sent 100,000 texts it would equal 16,000,000 or 16MB. 16MB isn't jack sh*t. When you watch a movie on netflix the incoming data would be about 400MB - 600MB (or more) depending on the quality of the video. Movies streamed on a playstation are up to and over 1,600MB which would be 100,000,000 texts. YOU CANNOT CRASH A NETWORK BY SENDING TEXTS. Network capabilities go FAR beyond the tiny amount of data that is sent within a text.You aren't thinking in the proper terms. Its not the amount of data, its the amount of requests. DDOS attacks don't work because they flood servers with gigabytes of data, they work because they flood servers with millions of simple requests. It is the processing required to handle all of those requests that bring websites down, and its that same processing that would bring-down a cell network long before a cell-phone. You couldn't run an SMS botnet to attack a particular cell-phone, the cell network would never be able to handle processing all those messages and routing them to their destination. It would serve, however, to bring down the network which is probably the primary goal anyway.
Development time and business. Why spend 2-4 times the development time to make something you could spend the normal time and then upgrade it later as a 'feature' and maybe wring some money out of congress to Upgrade your infrastructure?
-1, Dumb. Do you get that SMS operates on a special channel in the cell phone system, a channel that has a much slower base speed? And on that channel, the timeslices for SMS messages to be executed are not infinite? It is very possible to saturate the SMS pathway with a relatively small number (100,000) of messages.
But you are on the right track. Cell providers need to abandon public SMS use in favor of IP based solutions that DO scale with network bandwidth. Now if only the providers didn't stand to lose millions in SMS fees each year by doing such a thing...