Domain: smsanalysis.org
Stories and comments across the archive that link to smsanalysis.org.
Comments · 8
-
How truely AWFUL...
Text messages are one of the most awful forms of data on the cell network. On a 3G type network, they are just data, so hey, if you can do TXT on 3G, just do data. So what?
But on older networks, such as the proposed usage, they take up CONTROL channel space, and too much SMS is a DOS attack!
See Exploiting Open Functionality in SMS-Capable Cellular Networks:
ABSTRACT: Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the expansion of this new service, telecommunications companies offer connections between their networks and the Internet. The ramifications of such connections, however, have not been fully recognized. In this paper, we evaluate the security impact of the SMS interface on the availability of the cellular phone network. Specifically, we demonstrate the ability to deny voice service to cities the size of Washington D.C. and Manhattan with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks. This analysis begins with an exploration of the structure of cellular networks. We then characterize network behavior and explore a number of reconnaissance techniques aimed at effectively targeting attacks on these systems. We conclude by discussing countermeasures that mitigate or eliminate the threats introduced by these attacks.
-
Re:Think of the towers
This is probably worded in way that you can understand.
"In fact, it would take little more than a cable modem to deny service to large metropolitan areas in the U.S. For example, a city the size of Washington, D.C., could be taken out by a DoS attack with a bandwidth of about 2.8 megabits per second, they said."
http://www.pcworld.com/article/122878/sms_attack_could_harm_cell_phones.html
And.. You should read the section titled "Seperation of Voice and Data" (as well the whole document) from the researchers at Penn.
"Even if a provider rationalized the expense, the elevated provisioning merely makes DoS attacks more difficult but not im-possible"
http://www.smsanalysis.org/smsanalysis.pdf
This research paper is 4 years old! How long has it been since you left your parents basement?
Bullcrap yourself friendo. -
Overhead
In-flight calls or data are a poor example. You're talking about putting in equipment that costs more than typical network equipment because of requirements like low EMI, light weight, minimal maintenance, ground stations to handle the data, programming to manage handoffs at 500+ mph, and the process of getting FAA approval when you integrate it with a jillion other systems on a commercial airliner. It genuinely is expensive. Even at $10/hour that Boeing was charging for their Connexion internet service, they lost huge amounts of money on it (I think partially because they over-engineered the system, but I'm not very familiar with the details).
The cost of using it are very low, but the costs to initially add the feature are very high. Then you add in the fact that usage rates are typically low (only a handful of passengers buy it, only "full-service" airlines install the equipment), it can be hard to make it pay for itself.
Of course, they do add a high margin on top of their projected costs because they can without affecting the demand much, but the fixed costs still dominate (at the moment...data services will be much better integrated in the coming generation of airliners, and we may be moving towards allowing cell phones in flight, too).
SMS is the opposite. They aren't seeing low usage on new, expensive infrastructure. They're seeing high usage on existing, paid-for infrastructure.
The SMS scheme really isn't a very good one. SMS messages get multiplexed into the control channels on the mobile phone network, and it's really a 2nd generation technology. The size of the control channels is fundamentally limited, but each slot is big enough for a text message. So the providers squeeze the SMS into it because it fits and it doesn't require re-engineering their protocols to fit it in the voice channels. This is also why SMS is limited to so few characters: That's what fits in a time-division on the control channel.
Unfortunately, it proved to be a popular service. The limited extra space fills up quickly. In fact, it's theoretically possible to launch a relatively wide-area DDoS attack by sending only a couple hundred messages per second from zombie clients. To get the best return on their existing capacity, providers raise the price to discourage excessive use.
The puzzling thing in my opinion is that it's taking so long for this service to shift from being side-banded in the 2G scheme to being normal data packets on 3G networks. As that happens, the capacity for text explodes (text is way more compact than voice, pictures, video and other planned 3G content) and the providers can leverage the genuinely low cost of text to undersell their competitor's plans. A pricewar ensues and the consumers win.
But it hasn't happened yet. My best guess is because the companies realize that the first one to make a substantial move in this direction will only enjoy success for a short time before the others all catch up. Then the competitive advantage is gone and profits have dropped close to zero.
No, I haven't sourced much of this. It's mostly conclusions from discussions with friends who work in the mobile industry. Feel free to correct the parts I got wrong. -
Parent is correct
Parent is the only reply to get it right. It's not that the cellular providers are ripping us off (well, at least not just that)—it's that SMS bandwidth is extremely limited (see also here, here, here). For shame, Slashdot!
-
URL of the paper
-
some alarming quotes from the NYT article
In their research, the authors concluded that all major cellular networks were vulnerable, and that a single computer with a cable modem could do the job.
...One challenge for would-be attackers, according to the paper, is pulling together a list of working cellphones in a specific geographical area. But that, too, is made simpler via the Internet; the authors describe a process using Google and some search tricks that allowed them to collect 7,308 cellular numbers in New York City and 6,184 from Washington "with minimal time and effort."
...The system works even when cellular calls do not because text messages are small packets of data that are easy to send, and because the companies transmit them on the high-priority channel whose main purpose is to set up cellphone calls.
But therein lies part of the vulnerability, Professor McDaniel said. The control channel cannot handle large amounts of data, he said, so by flooding the channel with messages, it is possible to prevent voice calls from going through.
"This is a traffic-jam problem," he said. "You're sending too many cars down a two-lane road."
the research paper with technical details -
URLs for actual paper
A more detailed description of the threat is at smsanalysis.org/. The actual paper at smsanalysis.org/smsanalysis.pdf.
-
URLs for actual paper
A more detailed description of the threat is at smsanalysis.org/. The actual paper at smsanalysis.org/smsanalysis.pdf.