Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crashing A Nokia Phone Via SMS

Posted by Hemos on from the doesn't-matter-to-me dept.

Atryn writes "An article at the Register reports that a recent Black Hat conference presenter demonstrated how to crash Nokia cell phones using malformed headers in SMS messaging protocols. Though the SIM card can be recovered by moving to a new phone, this is perhaps an interesting preview of security issues as data goes wireless." Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue. *grin*

15 of 197 comments (clear)

  1. SMS proxy? by chrysalis · · Score: 4, Interesting

    It's time to code firewalls and applicative filtering proxies for mobile phones...

    --
    {{.sig}}
  2. Re:Old news? by FatRatBastard · · Score: 2, Interesting

    Not sure? According to the CNN article its a temporary thing. The Reg says its a lot nastier.

    Plus, I think the Reg's angle was that there's now a Script Kiddie tool to do the job.

  3. Behind WHICH curve? by bluGill · · Score: 0, Interesting

    Europe is ahead of the Us because they have a standard system. However the US has several systems which have features that are better than what Europe has. CDMA is a better standard than GMS overall, and there are others, which gives each a trial by fire. The best can then be combined into something that works. Generation 3 cell phones (if they ever make it) have been heavially influenced by what worked and didn't work in the US. If everyone was GSM like Europe is, then generation 3 would not be as good as it is.

    Remember standardise early, but not too early.

    I won't argue when you say it is convient to have one standard, but in real life most of the US has just as good of coverage as Europe. Sure there is only one provider, but who cares if the phone works? Get out from the major cities and there is no service, but a single GSM standard would't help much. Population densities are very low in the US, to there day there are many miles where there is no coverage on any system. (Unless there is a satalite system now)

    1. Re:Behind WHICH curve? by C_nemo · · Score: 2, Interesting

      behind the cell-curve curve I live in Norway(5 mill +large country) and we have GSM coverage virtualy on every mountain and wally(real walleys not like those puny US ones, and the UMTS network are about to, or has been opened Kaptein N

    2. Re:Behind WHICH curve? by infiniti99 · · Score: 5, Interesting

      CDMA is a better standard than GMS overall

      What I find funny about this statement is that these two are not necessarily comparable. CDMA is a radio protocol, used by both Sprint PCS and Verizon here in the USA. GSM, on the other hand, fully describes a wireless network, from the radio protocol (TDMA), to the included services (voice, 9600bps data, SMS), all the way to the SIM chip.

      While CDMA may be a better radio protocol than TDMA, it is definitely not a wireless network. You can't use a Sprint phone on the Verizon network can you? As far as I know, these are separate networks with their own definitions. They just happen to share a common radio protocol.

      So when someone brings up the ancient war: CDMA vs TDMA vs GSM, be sure to reorganize this into: Sprint vs Verizon vs AT&T vs GSM. This is a much more sensible comparison. Anyhow, perhaps in the future GSM's radio protocol can be replaced with a CDMA incarnation.

    3. Re:Behind WHICH curve? by dachshund · · Score: 2, Interesting
      This of course means that the USA tends to implement version 1.0 all across the country, and when you've covered an area that big with version 1.0, version 2.0 is gonna be a long time coming ;)

      Actually, it seems that the situation is reversed in this case. GSM uses a less-advanced technology (TDMA) than many US networks (CDMA). Europe/Asia/Africa have opted to standardize this older system, while some US carriers have gone ahead and adopted more advanced but incompatible systems. As we've got no expectations of compatibility (even when switching from one company to another), it's easier to skip to newer tech.

      I don't entirely agree with the US companies' decision here, but I do think it may have some unexpected benefits. For one, we may be able to move in with a much more advanced 3G without being tied down by a whole lot of backwards-compatibility concerns. For another, it may turn out that the focus on standardized networks becomes less and less important as technology becomes more adaptable. The price and flexibility of wireless tech have been plunging and exploding, respectively. It may turn out that compatibility is more effectively acheived by cheap Taiwanese chipsets than by standardized networks.

      Personally, having caught a glimpse of the projected cost of 3G (for not-terribly impressive data rates, and only in the cities), I'm skeptical of the whole project. I think the next generation of data/phone tech will take its cues from 802.11 tech, and GSM will become a relic. This is obviously a few years off, though. In the mean time, we Americans just have to rent phones when we get off the plane (not a terrible deal when you consider international roaming charges, I'm told.)

      As to "America gets stuck on 1.0", there's plenty of precedent for the opposite; the Minitel in France (outmoded by the web) and analog HDTV in Japan. Sometimes our stubborness is actually an asset.

    4. Re:Behind WHICH curve? by onion2k · · Score: 3, Interesting

      Another reason for mobile phones being further ahead in Europe is that the major innovators in the industry are European. Nokia, Ericsson, Siemens to name a few of the bigger manufacturers. There are others, such as Sony and Panasonic, but they're not often on anyones 'Favourite Phone' list.

      Just give me a Nokia 7650 and I'll be happy.

      --
      http://twitter.com/onion2k
  4. And for the first time... by Exmet+Paff+Daxx · · Score: 3, Interesting

    For the first time, hackers can kill. Considering the number of people who use their cell phones while driving, a random "crash" (what a terrible pun) while trying to send email or view stock quotes while driving should be enough to push a few drivers "over the edge".

    The good news is that if terrorists intend to use such "crash" attempts to crash cars or other vehicles, we at least have new legislation to stop them.

    --
    If guns kill people, then CmdrTaco's keyboard misspells words.
  5. Re:Black hats by SirSlud · · Score: 5, Interesting

    Just like any technology, it can be used and abused. If I were the type who didn't like the word asshole, I might be justified in lamenting:

    Is it at all possible to have any sort of message board without people coming along and using the word asshole?

    Any other way, and you wouldn't be on planet earth, bub. Stop whining about it, and start questionting which you value more: crashable cell phones, or no cell phones?

    Society must accept the inevitability of technology as an unbiased tool. Technology CANNOT be created for good. Like it or not, as a society, we must accept that when we adopted cell phones, we accepted the possibility that they may not always work, in the same way that as a society we value the use of cars more so than the lives of the thousands upon thousands of people who die as a result of them every year.

    Anyone who thinks technology puts powers only in the hands of the righteous (whatever the hell that is) is a fool. In the case of Black Hats, I'd rather the concaine junkies in my neighbourhood congregate and do their thing in the middle of daylight in the park rather than at night, in allys, if you catch my drift. The fact that this was demonstrated at a conference is a good thing .. would you prefer to crack down on these people, and drive their activities into the underground where you are upable to keep an eye on them?

    --
    "Old man yells at systemd"
  6. Re:8 years behind??? by dave_c · · Score: 4, Interesting

    Yes, it does exist today, but how long have GSM networks been in the US? Maybe a few years at best. How about widespread deployment?

    Seriously. I have Voicestream GSM service & a tri-band phone, and have mediocre coverage in Washington, D.C., but last week had awesome coverage throughout Scotland and northern England (I'm talking small towns, not just cities like Edinburgh, etc.). Even got encrypted transmission service in Iceland. But in the U.S.? Nuthin' but crap.

    Maybe cell phones are more like fashion than technology: we American's like it 2 years after it's popular in London.

  7. Security through... by 1010011010 · · Score: 4, Interesting

    Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue.

    Security through Inertia. Hmm...

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  8. SMS is NOT useless by clarkie.mg · · Score: 3, Interesting

    You do not seem to realize the success that sms has in Europe. If we follow you, why send an email when you can call the person on a phone ? Ridiculous. I am not an avid sms user but I see it can be useful in many situations :

    - If you cannot talk or do not want to talk, in a lecture for example, you can still type.

    - If you want to send a phone number or a complex address, it is easier for the receiver to read it than to have to write it when you talk.

    - You can reuse the same message as many times as you want.

    - You can type a message and send it later.

    - If the network is poor and audio not working, sms still works. (I only use sms with why brother, the antenna of his phone is broken). It even saved a man's life in England.

    - With sms, you can see the number of the sender and ignore it.

    - you can receive personal news and services that way.

    - you can have your email forwarded etc.

    - etc.

    Finally if you find a place where 802.11b works everywhere with phones as cheap as current ones, I will go live there !

    --
    Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
  9. This is new? by FLaMeBoY · · Score: 2, Interesting

    Is this new? I have seen this happen a lot, and not just with nokia. The special characters from phillip's phones can crash quite a few phones. Alcatel seem to be one of the worst for crashing. Some phones seem to be fine, but an't delete the message from the sms through to the phone not working till the message is deleted from the sms on another phone.

  10. Re:8 years behind??? by dave_c · · Score: 2, Interesting

    The GSM system in Iceland is one of the most advanced networks in the world. Everybody has a mobile. 9 year olds and up! :) Interesting fact! :)

    Interestingly, I was just in Iceland last week, and my GSM phone had 1) the best reception I'd had anywhere (I'm from the States), 2) faster signal location than anywhere else (here in D.C. it takes a minute or so to find the nearest Voicestream tower), and 3) encrypted transmission between my phone and the tower (which I've never seen work anywhere else I've been).

  11. Not just SMS, but regular Nokias, too.... by AtariDatacenter · · Score: 3, Interesting

    My Nokia 5165 (like many other cell phones) has the ability for you to upload new ring tones and other delightful things to it. First, I was playing around with a few web sites that existed. Then I got ahold of the logic and created my own.

    In my case, all I had to do was to send an email to mytelephonenumber@mobile.att.net, and it would be processed by the phone. (Great way to act as a pager, too.)

    In my experiment with music ring tones, I found that it was quite easy to accidently craft a message (in my case, a new ring tone) that is malformed. And it actually hung my cell phone up.

    I probably should have published this as a cool DOS attack, but then again, I really didn't know WHERE to public cell phone DOS attacks, much less what could be done to counter it, so I kept it to myself.

    Play around enough, though, and you'll find your own special email you can send to a cell phone that'll lock it tight.