Slashdot Mirror


'SMS of Death' Could Crash Many Mobile Phones

space_in_your_face writes "Research presented at a conference in Germany last week shows that phones don't even have to be smart to be vulnerable to hackers. Using only Short Message Service (SMS) communications, a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. The trick works for handsets made by Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax, a popular Indian cell-phone manufacturer."

108 comments

  1. Ahhhhhhhhh by Jimpqfly · · Score: 2, Funny

    Peace, at last !
    No more stupid ring tones, no more boss (or wife) calls...
    GREAT !

    1. Re:Ahhhhhhhhh by Anonymous Coward · · Score: 1

      You realize there is a "Power" button on your phone?

      By pushing that for 3 seconds, the phone physically powers off, thereby creating the same effect.

    2. Re:Ahhhhhhhhh by Z00L00K · · Score: 1

      No surprise there - I did already do that back in '02 on a Nokia. I had to move the SIM card to a SonyEricsson phone to delete the offending SMS.

      So it's possible, but the message may have to be specific for the phone/model.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    3. Re:Ahhhhhhhhh by Jimpqfly · · Score: 4, Insightful

      You have the button, but this is better : you have the EXCUSE

    4. Re:Ahhhhhhhhh by HipToday · · Score: 1

      If I could, I'd mod this redundant. Where I come from boss == wife.

    5. Re:Ahhhhhhhhh by Abstrackt · · Score: 2

      Where I come from boss == wife.

      No wonder you're here instead.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    6. Re:Ahhhhhhhhh by oobayly · · Score: 1

      But how are you going to play FarmVille & FrontierVille with the phone off?

      Disclaimer: I've farmed in real life, and I really couldn't be bothered with doing it in a game.

    7. Re:Ahhhhhhhhh by Anonymous Coward · · Score: 0

      Spoken like a true SubGenius (sort of).

      If your pink conspiracy corporate overlord requires you to carry a cell phone, then you should still turn the phone off and MAKE THE EXCUSE that someone blasted your phone off the network.

      You didn't pay your $30 and get your divine excuse for nothing, after all (only "Bob" can get something for nothing).

    8. Re:Ahhhhhhhhh by 0100010001010011 · · Score: 1

      "Why didn't you answer my call. Where were you. What were you doing? What are you up to? Soooo.... I'm going to need you to work Saturday".

      vs

      "Aww honey, I tried to call, my phone was acting up. Could you take a look at it."

      "You're lucky my phone was acting up. I almost called you in for a double shift. I was able to catch Smith before he left."

    9. Re:Ahhhhhhhhh by Anonymous Coward · · Score: 0

      Dude... I'd totally marry my boss, she's hot and completely awesome. Some loser beat me to it though...

    10. Re:Ahhhhhhhhh by Anonymous Coward · · Score: 2, Funny

      Peace, at last !

      No more stupid ring tones, no more boss (or wife) calls...

      GREAT !

      Hello quiet my old friend.
      Within the SMS of silence.

    11. Re:Ahhhhhhhhh by Mister Whirly · · Score: 1

      +1 Slack

      --
      "But this one goes to 11!"
    12. Re:Ahhhhhhhhh by overlordofmu · · Score: 1

      The subgenius can have all my slack they can carry. There are not enough subgenius in all of history to impact my slack.

      You Bob-hugging lads need to remember that it is all a matter of perspective. Perspective does not cost $30. Someone is stealing from YOU!

      Hail Eris! All hail Discordia!

    13. Re:Ahhhhhhhhh by Paradise Pete · · Score: 1

      Hello quiet my old friend. Within the SMS of silence.

      I've noted that pop-culture references to more than 40 years ago do not do well here on the slashdots. (Modulo Star Trek, of course.)

    14. Re:Ahhhhhhhhh by GameboyRMH · · Score: 1

      What? I got it. Heck we make Burma Shave jokes around here.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    15. Re:Ahhhhhhhhh by damien_kane · · Score: 2

      +1 Slack
      --
      "But this one goes to 11!"

      Slackware is up to 13.1, though.
      Well past 11.

    16. Re:Ahhhhhhhhh by lgw · · Score: 1

      Taunting the Bob-huggers is uncool. All sects of Discordia are the One True Discordia, especially those that explicitly contradict one another.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    17. Re:Ahhhhhhhhh by Anonymous Coward · · Score: 0

      I'm not a loser; I am 1337!

    18. Re:Ahhhhhhhhh by lgw · · Score: 1

      Disclaimer: I've farmed in real life, and I really couldn't be bothered with doing it in a game.

      Farm games are old now, and I'm still shocked whenever I see one. I would never have believed that "virtual farming" would catch on! To me, that's right up there with "virtual watching paint dry" and "virtual watching grass grow". Actually, for some crops it is "virtual watching grass grow". I have to admit, I no longer understand today's youth. Kids, lawn, etc.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    19. Re:Ahhhhhhhhh by Anonymous Coward · · Score: 0

      Are you cabbages still believing what you read? Have you learned NOTHING?!

    20. Re:Ahhhhhhhhh by Anonymous Coward · · Score: 0

      The subgenius can have all my slack they can carry. There are not enough subgenius in all of history to impact my slack.

      You Bob-hugging lads need to remember that it is all a matter of perspective. Perspective does not cost $30. Someone is stealing from YOU!

      Hail Eris! All hail Discordia!

      "Bob" did say, "You'll pay to know what you really think". You have to look at something when bending over. I, personally, like looking at a face with a pipe sticking out of it. A golden apple may do it for you. I'm not Malaclypse the Elder, nor I am Hagbard Celine, but YMMV.

      Aum Shiva.

    21. Re:Ahhhhhhhhh by Suki I · · Score: 1

      You have the button, but this is better : you have the EXCUSE

      My iPhone behaves that way without touching a button or getting a message. Well, I do have to actually power it off myself, but otherwise the effect is identical. Apps just close, the internet just drops, calls end on their own, all with a full signal!

    22. Re:Ahhhhhhhhh by John Hasler · · Score: 1

      > Heck we make Burma Shave jokes around here.

      Despite the fact that there are only three of us here who have seen an actual Burma Shave sign.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    23. Re:Ahhhhhhhhh by damaged_sectors · · Score: 1

      The subgenius can have all my slack they can carry. There are not enough subgenius in all of history to impact my slack. You Bob-hugging lads need to remember that it is all a matter of perspective. Perspective does not cost $30. Someone is stealing from YOU! Hail Eris! All hail Discordia!

      I'll happily pay tax on my religion - and if I go to Hell I get my $30 back. You can keep yours *and* let someone else pull the wool over your eyes.

  2. So ... by PPH · · Score: 1

    ... how do I address this 'SMS of death' message to all the phones in my immediate vicinity?

    --
    Have gnu, will travel.
    1. Re:So ... by kenrblan · · Score: 3, Funny

      You might need to define vicinity. One option is to programmatically send the SMS of death to every possible combination of mobile phone numbers within your area code. That might hit a few that have roamed outside your area, but would largely accomplish your task.

      --
      Make everything as simple as possible, but not simpler. - Albert Einstein
    2. Re:So ... by somersault · · Score: 1

      Might be a bit expensive though.

      --
      which is totally what she said
    3. Re:So ... by TheL0ser · · Score: 1

      Why limit yourself to your area code? Especially if you live near a college, there's going to be multiple area codes all in one space. The only solution is to wardial the SMS from (000)000-0000 to (999)999-9999 and repeat. Skipping some whitelist of numbers, of course.

    4. Re:So ... by jo_ham · · Score: 2

      And if you're in the UK, you'd be stuck too, since all mobile numbers start 07, and have nothing to do with your local area code which only applies to landlines.

    5. Re:So ... by mikael · · Score: 0

      They set up their own base station using free software. That gives them access to the phone numbers. Then it would just be a matter of sending the SMS messages. Even a standard wireless modem would allow a regular PC to send SMS messages via AT commands for GSM/CDMA wireless modems. Some phones support "long messages" which are just short messages chained together by software. There is a maximum of 160 characters with Latin alphabets and 70 characters with Chinese or Arabic alphabets (unicode?). That seems to be what they are doing here - there seems to be all sorts of opportunity for creating chaos by combining these two features.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    6. Re:So ... by AndrewNeo · · Score: 1

      That's what unlimited text messaging plans are for!

    7. Re:So ... by eleuthero · · Score: 2

      Google voice? (they warn that abuse will get sms privileges taken down) but after that happens, there's always AT&T... maybe start with them... their webpage allows sending of sms for free.

    8. Re:So ... by mcgrew · · Score: 1

      Not if you have a BOOST or similar carrier (flat $50/month fee)

    9. Re:So ... by houghi · · Score: 1

      In Belgium that would be 04[6-9]x/xxxxx
      The complete numbering plan for Belgium can be seen here : http://bipt.be/en/161/ShowDoc/2547/Database/National_numbering_plan.aspx in several languages as pdf.

      --
      Don't fight for your country, if your country does not fight for you.
    10. Re:So ... by xaxa · · Score: 2

      At least you know you'd only be addressing mobile phones (you'd need to be a bit more careful than just 07, but the ranges are on the Wikipedia article for UK numbers).

      SMSing the 10,000,000 numbers in a US area code region is going to hit a lot of landlines.

    11. Re:So ... by demonbug · · Score: 1

      You might need to define vicinity. One option is to programmatically send the SMS of death to every possible combination of mobile phone numbers within your area code. That might hit a few that have roamed outside your area, but would largely accomplish your task.

      Nah, that would never work where I live. University town, nobody bothers to get a new phone number when they move across the country these days. I think we better hit all the mobile numbers, just to be sure. Make sure you sign up for unlimited messaging first, though.

    12. Re:So ... by Graff · · Score: 1

      ... how do I address this 'SMS of death' message to all the phones in my immediate vicinity?

      Use a cell broadcast!

    13. Re:So ... by GameboyRMH · · Score: 2

      there's always AT&T... maybe start with them... their webpage allows sending of sms for free.

      ...and there you go. (SMSes of death * shellscript) / unsecured wifi = weapon of mass pwnage.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    14. Re:So ... by lavacano201014 · · Score: 1

      (000)000-0000 isn't a valid number. The lowest number the area code can be is 201 (first digit [2-9], rest [0-9]). However, the area code can't end in 11, to avoid confusion with 911 and similar numbers.

      Also, 555-0100 through 555-0199 are reserved for use in fiction (though other 555 numbers are valid).

      Source: http://en.wikipedia.org/wiki/North_American_Numbering_Plan#Current_system

      --
      A wise man once said, "Where is my other quotation mark?
    15. Re:So ... by lavacano201014 · · Score: 1

      Oh, additionally, the second group of three digits (the 555 in a 555-XXXX number) can't be 0 anything or 1 anything, so the phone doesn't get confused and try to do an operator assisted or long distance call.

      --
      A wise man once said, "Where is my other quotation mark?
    16. Re:So ... by yakatz · · Score: 2

      In North America, phone numbers are always in the form NXX-NXX-XXXX, with N being a digit from 2-9 and X being a digit from 0-9.
      Instead of 10,000,000,000 permutations, you only have 6,400,000,000
      It is called NANPA and there are a few other reserved numbers mixed in (for example, in an NXX group, both Xs can not be 1 to avoid confusion with N11 services such as 911).
      Wikipedia also has a good article about this.

    17. Re:So ... by multipartmixed · · Score: 1

      Use the cell broadcast service, that's what it's for.

      --

      Do daemons dream of electric sleep()?
    18. Re:So ... by GNious · · Score: 1

      So set up a fake cell-tower that's configured to get all nearby phones onto it, and then blast them with an SMS Of Death ...

      Me likes...

    19. Re:So ... by orangesquid · · Score: 1

      Hmm, that would give a regex of: [2-9]([02-9][0-9]|1[02-9])([2-46-9][0-9]{6}|5[0-9][0-46-9][0-9]{4}|555[1-9][0-9]{3}|5550[02-9][0-9]{3})
      (I know, I know, a regex is for matching, not for iterating, but since I'm not using any variable-length operators, you could iterate based on that pattern.)
      Of course, that doesn't account for unassigned/unused NPAs; removing those from the list would shorten it considerably.

      --
      --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
    20. Re:So ... by Firehed · · Score: 1

      Or just email the magic SMS emails. phonenumber@vtext.com and things of that nature. (See 'List of SMS Gateways' on Wikipedia, slashdot has somehow prevented me from pasting the url into the damn box)

      --
      How are sites slashdotted when nobody reads TFAs?
    21. Re:So ... by rdnetto · · Score: 1

      1. Carry a picocell base station around with you.
      2. Send SMS of death ...
      3. Profit

      It's worth noting that it isn't necessary to send the SMS, since you can silently block all calls/texts if they're connecting to your station.

      --
      Most human behaviour can be explained in terms of identity.
  3. Destroy the world's communications by Anonymous Coward · · Score: 0

    Let's crash all the world's mobile phones just because we know how to now.

  4. Desired future news: by Even on Slashdot FOE · · Score: 5, Insightful

    Sending the "SMS of Death" has become common practice at theaters in order to finally force people's cell phones to stop ringing.

    1. Re:Desired future news: by somersault · · Score: 2

      I thought that was just jamming, and I also saw someone else saying they had to stop doing that to allow emergency calls from movie theaters?

      --
      which is totally what she said
    2. Re:Desired future news: by Anonymous Coward · · Score: 0

      "Desired Future News"

      They do not use this practice in actual theaters, but the parent wanted it for that purpose.

    3. Re:Desired future news: by Anonymous Coward · · Score: 0

      whooooooooosh

    4. Re:Desired future news: by Jimpqfly · · Score: 2

      How would you get people's phone number ?

    5. Re:Desired future news: by Anonymous Coward · · Score: 0

      MOD PARENT UP

    6. Re:Desired future news: by somersault · · Score: 4, Insightful

      Ah, the good old "put half of my post in the title, even though a lot of people skim past the titles since they're usually full of Re:re:re:re:re:". Oops.

      --
      which is totally what she said
    7. Re:Desired future news: by Paradise Pete · · Score: 1

      Maybe because of your sig he figured it would be ok this time.

    8. Re:Desired future news: by FrootLoops · · Score: 1

      MOD PARENT UP

      MOD PARENT DOWN

    9. Re:Desired future news: by somersault · · Score: 1

      In that case I must say that it's quite impressive that he knew I'd reply before he posted.

      --
      which is totally what she said
    10. Re:Desired future news: by Anonymous Coward · · Score: 0

      MOD PARENT SHAKE ALL AROUND

    11. Re:Desired future news: by thisisntme · · Score: 1

      MOD PARENT HOKEY COKEY

  5. Awww by pythonboy · · Score: 1

    So this SMS of death, won't cause the handset to beat the user to death with his/her own shoes ? How bitterly disappointing.

  6. Reminds me of punters by Anonymous Coward · · Score: 0

    Ah the good ole days of AOL...

  7. While it might be possible, what's the incentive? by Viol8 · · Score: 1

    Sure, you might get a few hackers who do it for curiosity to a few numbers with a few types of phones, but eventually they'll get bored and move on to something else. Unless it's easy to create binaries that can do something useful to a crim and it's easy to send these binaries to ALL types of phones fast then criminal hacker types are unlikely to get involved since it's far easier to earn money screwing around with PCs.

  8. VoD of the Talk by radl · · Score: 5, Informative
    --
    1266953+17
    1. Re:VoD of the Talk by Anonymous Coward · · Score: 0

      You can watch the talk

      Phew, for a second I thought this was some new corporate buzzwordspeak.

  9. No surprises by rsilvergun · · Score: 3, Funny

    I had a cheap Virgin Mobile, and if you looked at it funny it would crash.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:No surprises by Anonymous Coward · · Score: 0

      There was a period during a rebranding of the company where Virgin implemented this feature so as to avoid their phones being used by funny looking customers.

    2. Re:No surprises by Nadaka · · Score: 1

      I had a cheap virginmobile too at one point. It was a rusted out deathtrap of a ford escort that was given to me for free by my older brother. The passenger door was held shut by a bungee cord, the driver's seat bolts were rusted out making it unattached, it vented thick smoky exhaust directly into the cabin through a gaping hole in the dashboard.

    3. Re:No surprises by mcgrew · · Score: 1

      You should have seen the LG I had five or six years ago. Crash? It would do all sorts of crazy things, like the screen going backwards, upside down, display garbage.

      I sent it back under warranty, and the one they replaced it with was even worse.

      So no more LG tech for me, they obviously have some horrible quality control.

    4. Re:No surprises by operagost · · Score: 1

      I think we can safely take this a step further and call that deathtrap a Darwinmobile!

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    5. Re:No surprises by vgerclover · · Score: 1

      Did you try looking at it serious?

    6. Re:No surprises by Ginger Unicorn · · Score: 1

      reminds me of vyvyan's ford anglia

      --
      (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
  10. Whole article, without the annoyances. by Anonymous Coward · · Score: 0, Interesting

    Fuck that site! They try and show you adverts before the article, then it is spread over multiple pages. I don't give a shit about how they are trying to make money, if you do it in annoying ways, people will work around it. So here is TFA. There was a link to a print version, but fuck knows if that will try and interrupt with more fucking adverts.

    Tuesday, January 4, 2011
    "SMS of Death" Could Crash Many Mobile Phones

    Phones don't have to be smart to be vulnerable.

    By Erica Naone

    The phones in many people's pockets today are miniature personal computers, and they are just as vulnerable as PCs to viruses, malware, and other security problems. But research presented at a conference in Germany last week shows that phones don't even have to be smart to be vulnerable to hackers.

    Using only Short Message Service (SMS) communications--messages that can be sent between mobile phones--a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. As well as text messages, the SMS protocol can be used to transmit small programs, called "binaries," that run on a phone. Network operators use these files to, for example, change the settings on a device remotely. The researchers used the same approach to attack phones. They performed their tricks on handsets made by Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax, a popular Indian cell-phone manufacturer.

    A number of largely theoretical attacks aimed at iPhones and Android devices have made headlines over the past few years. But smart phones make up only 16 percent of the devices in use. So-called feature phones--which can do more than make calls but run only software with limited functionality, enabling their users to do such things as send text messages and play games--account for the majority of around 5 billion mobile phones in use worldwide.

    Feature phones are harder to attack than smart phones because of their limitations. Their processors are less powerful, and they have less memory capacity, so they must run simpler software, which often cannot be loaded unless the carrier gives permission. Feature phones also have more varied hardware and software idiosyncrasies than smart phones do.

    The security researchers who presented their work at last week's conference, Collin Mulliner, a PhD student in the Security in Telecommunications department at the Technische Universitaet Berlin, and Nico Golde, an undergraduate student at the same institution, decided to attack feature phones over the air. They set up a miniature cellular network, using open-source software to create a base station with which to communicate with the phones. In order to broadcast malicious messages to them without putting other devices at risk, they shielded their communications by enclosing their network in a Faraday cage, which blocks radio signals.

    Having a private cell network also helped Mulliner and Golde study the software running on low-end phones. By monitoring the way the phones communicated with their base station, they could discern important information about how the phones worked and how SMS messages could affect them.

    The researchers were able to create malicious SMS messages for each type of phone they studied. The messages affect the phones without any response from the user. Because feature phones are so common, Mulliner says, such an attack "could take out a large percentage of mobile communications."

    To target a specific user, an attacker would need to know what kind of phone he or she uses, since each platform requires a different message. But Mulliner says that attackers could easily knock out large numbers of phones by sending a set of five SMS messages--targeted to the five most popular models--to every device on a specific network. Mulliner notes that there are Internet-based services that send SMS messages en masse either cheaply or free, making it possible for an antagonist with limited resources to carry out such an attack from anywhere in the

    1. Re:Whole article, without the annoyances. by Anonymous Coward · · Score: 0

      Dude it's 2011 and you're still using IE?

    2. Re:Whole article, without the annoyances. by Anonymous Coward · · Score: 1

      Buddy, the last time I chose to use IE was on Windows 3, probably IE3.

      There were dark days when Netscape 4 couldn't cut it, before Mozilla appeared, when IE was one of the only alternatives, but to be honest I persevered with Netscape and only used IE when sites crashed Netscape. By then though, I was using an advert and junk blocking proxy, so much of what could upset Netscape didn't get through. There was no stopping the effect nested tables had on NN though, nor the fact it would hold the CPU at 100% whilst pages loaded.

      Anyway, what is the insinuation about IE? Are you implying that I don't use FF or Seamonkey and so do not have NoScript and Adblock? Or that other add-on that stitches together pages when articles are spread out? I do use FF with NS and AB, so I was presented with a blank grey page between clicking the link for TFA and getting to TFA. TFA had no adverts surrounding it, but that is not the point. The experience presented to me was fucking annoying, and it must only be worse if the adverts are there! I don't use that other add-on to stitch pages together, as I do not want to start down the path of having add-ons for every shortcoming on the web. I feel directly penalising those who create the shortcomings is better.

    3. Re:Whole article, without the annoyances. by damaged_sectors · · Score: 1

      I do use FF with NS and AB, so I was presented with a blank grey page between clicking the link for TFA and getting to TFA. TFA had no adverts surrounding it, but that is not the point. The experience presented to me was fucking annoying, and it must only be worse if the adverts are there!

      You don't need another extension - Flashblock, Adblock Plus, NoScript, and BugMeNot are all the extensions you'll ever require. All you need to do is learn how to use "Open in New Tab" - it takes all of 5 seconds *while you're reading TFA* for the referenced grey page to load the text. I had to go back and do it all again - very fucking slowly to find out what you're blathering about Buddy.

      No one asked about your bloody boring history of browsers - now get off my lawn.

  11. How permanent is it? by mark-t · · Score: 1

    Article didn't really make it clear. Does it render the phone useless enough to require a replacement, or can service be restored? If the former, it strikes me that a company could surreptitiously use this to try to force a customer into renewing their contract with a new phone?

    1. Re:How permanent is it? by ODSMonkay · · Score: 1

      I could definitely see AT&T doing this. We see your contract has expired and your phone is now a paperweight.

    2. Re:How permanent is it? by eleuthero · · Score: 1

      This explains why my HTC Wizard died a few years back...

    3. Re:How permanent is it? by tlhIngan · · Score: 1

      Article didn't really make it clear. Does it render the phone useless enough to require a replacement, or can service be restored? If the former, it strikes me that a company could surreptitiously use this to try to force a customer into renewing their contract with a new phone?

      A power cycle usually fixes it.

      However, sometimes the SMS that killed the phone would crash it before the SMS could be acknowledged, so right after re-registering on the same network, the phone would get the SMS again and crash. Using a non-vulnerable phone to retrieve the problematic SMS fixes it. Or you can just live without a cellphone for a few days until the SMS times out.

    4. Re:How permanent is it? by arth1 · · Score: 1

      However, sometimes the SMS that killed the phone would crash it before the SMS could be acknowledged, so right after re-registering on the same network, the phone would get the SMS again and crash. Using a non-vulnerable phone to retrieve the problematic SMS fixes it. Or you can just live without a cellphone for a few days until the SMS times out.

      Or pack the phone in hat liner, turn it on, turn off automatic SMS acceptance, restore service, and say "no" to the next SMS.

  12. Google Voice by burry · · Score: 1

    Another pro for using Google Voice and blocking SMS on my cell

  13. Corrected URL by ekimminau · · Score: 1

    I was getting 404 errors following the original URL.

    Corrected URL below:
    http://www.technologyreview.com/communications/27021/?p1=MstRcnt

    --
    Armaments, 2-9-21 And Saint Attila raised the hand grenade up on high, saying, 'O Lord, bless this Thy hand grenade' N
  14. it's not a buggy phone... by Tumbleweed · · Score: 1

    it's a feature phone!

  15. Executable SMS? by jonescb · · Score: 1

    The article is really light on details, but what about these messages cause a phone to crash? Is the phone executing what is supposed to be textual data? Is this certain data just causing a buffer overflow somewhere? What is actually happening?

    1. Re:Executable SMS? by maxume · · Score: 1

      They are executing binary data. User messages are supposed to be text, but the carriers also use the SMS infrastructure for other things.

      --
      Nerd rage is the funniest rage.
    2. Re:Executable SMS? by digsbo · · Score: 2

      For specific purposes carriers may provision SMSC (short message service centers) and GMSC (gateway message service centers) to send binary data to interact with applications on the mobiles.

      In practice, this is very rare because the carriers have known for a long time that binary payloads may be susceptible to misuse for malicious reasons. Thus, very few originators of short messages are permitted to send binary payloads (or at least when I was doing this a few years ago, maybe now it's different).

      This is probably not much of an issue because it's really quite difficult to get binary sms provisioning from carriers (AT&T, TMO, etc.) because you need to have a contract with special stipulations about what the originating messages will be used for. These are looked at closely by carriers.
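
The carrier-side restriction described in the comment above (only approved originators may send binary payloads), sketched as a gateway screening step. This is an added example, not part of the thread or any carrier's actual system; the bit layouts follow 3GPP TS 23.038/23.040, while the `Sms` record, the originator names, the allowlist and the sample messages are constructed for illustration.

```python
from dataclasses import dataclass

UDHI_BIT = 0x40                    # TP-UDHI flag in the first octet of the PDU
CONCAT_IES = {0x00: 3, 0x08: 4}    # concatenation IEs -> required data length
PORT_IES = {0x04: 2, 0x05: 4}      # application port addressing IEs -> length


@dataclass
class Sms:                         # hypothetical record a gateway might build
    originator: str
    first_octet: int
    dcs: int                       # TP-DCS, data coding scheme
    user_data: bytes


def dcs_alphabet(dcs):
    """Decode the alphabet named by TP-DCS (3GPP TS 23.038)."""
    group = dcs >> 4
    if group <= 0x7:               # general / auto-delete groups: bits 3..2
        return ("gsm7", "8bit", "ucs2", "reserved")[(dcs >> 2) & 0x3]
    if group in (0xC, 0xD):        # message waiting indication, default alphabet
        return "gsm7"
    if group == 0xE:               # message waiting indication, UCS2
        return "ucs2"
    if group == 0xF:               # data coding / message class: bit 2
        return "8bit" if dcs & 0x04 else "gsm7"
    return "reserved"


def parse_udh(user_data):
    """Return [(iei, data)], raising ValueError on any length inconsistency."""
    if not user_data:
        raise ValueError("UDHI set but no user data")
    udhl = user_data[0]
    header = user_data[1:1 + udhl]
    if len(header) != udhl:
        raise ValueError("UDHL runs past end of user data")
    elements, i = [], 0
    while i < len(header):
        if i + 2 > len(header):
            raise ValueError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        data = header[i + 2:i + 2 + iedl]
        if len(data) != iedl:
            raise ValueError("IE length runs past end of header")
        elements.append((iei, data))
        i += 2 + iedl
    return elements


def screen(msg, binary_allowlist):
    """Deliver text; deliver binary only from allowlisted originators."""
    binary = dcs_alphabet(msg.dcs) in ("8bit", "reserved")
    if msg.first_octet & UDHI_BIT:
        try:
            elements = parse_udh(msg.user_data)
        except ValueError as exc:
            return ("reject", f"malformed UDH: {exc}")
        for iei, data in elements:
            expected = CONCAT_IES.get(iei, PORT_IES.get(iei))
            if expected is None:
                binary = True      # policy assumption: unknown IE is not plain text
            elif len(data) != expected:
                return ("reject", f"IE 0x{iei:02x} has wrong length")
            elif iei in PORT_IES:
                binary = True      # addressed to an application, not the inbox
    if binary and msg.originator not in binary_allowlist:
        return ("reject", "binary payload from non-allowlisted originator")
    return ("deliver", "binary, allowlisted" if binary else "text")


ALLOWLIST = {"OPERATOR-OTA"}       # constructed originator name
PORT_UDH = bytes([0x06, 0x05, 0x04, 0x0B, 0x84, 0x23, 0xF0])
SAMPLES = [                        # constructed messages, not captured traffic
    Sms("+15550100", 0x01, 0x00, b"hello"),
    Sms("+15550100", 0x41, 0x00, bytes([0x05, 0x00, 0x03, 0x2A, 0x02, 0x01]) + b"part one"),
    Sms("OPERATOR-OTA", 0x41, 0xF5, PORT_UDH + b"\x01\x02"),
    Sms("+15550101", 0x41, 0xF5, PORT_UDH + b"\x01\x02"),
    Sms("+15550101", 0x41, 0x00, bytes([0x05, 0x00, 0x03, 0x2A])),
]


def run_samples():
    return [screen(m, ALLOWLIST) for m in SAMPLES]


if __name__ == "__main__":
    for msg, (verdict, reason) in zip(SAMPLES, run_samples()):
        print(f"{msg.originator:14} {verdict:8} {reason}")
```
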

    3. Re:Executable SMS? by u38cg · · Score: 1

      It depends how smart your network provider is. Certainly in the UK, when I was an engineering student people were mucking around with this and all networks would pass on binaries without regards to the source.

      --
      [FUCK BETA]
  16. Who's laughing now! by fahrbot-bot · · Score: 1

    And people scoff at my 14 year old Qualcomm QCP-1900. I'd send them all an SMS of Death, if my phone could send text messages... (sigh) Still. Try defending yourself from a mugger with a Droid or iPhone - hah!

    --
    It must have been something you assimilated. . . .
    1. Re:Who's laughing now! by operagost · · Score: 1

      But I can see that the phone supports text messages right from the page you linked to... ?

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    2. Re:Who's laughing now! by FrootLoops · · Score: 1

      Maybe the GP's phone plan doesn't include text messages.

    3. Re:Who's laughing now! by fahrbot-bot · · Score: 1

      The phone can receive text-messages, but only from the provider -- for things like usage alerts. I originally got it from PrimeCo, now nTelos in my area. The phone was $200 in 1998 and my plan is $15/month (w/taxes) -- no minutes, but I only use it occasionally/for emergencies -- still, it has 6 hours of talk and 2 weeks of standby.

      Someday I may get a current phone, when I have more people to call :-(

      --
      It must have been something you assimilated. . . .
    4. Re:Who's laughing now! by publiclurker · · Score: 1

      You could go to a real low end phone like tracfone. It works out to about $6 a month for a small number of minutes. Of course, you would have to put a brick in your pocket to get the same amount of exercise as lugging around one of the older phones.

  17. Feh. by Anonymous Coward · · Score: 1

    That's not an SMS of death....merely an SMS of irritation.

    An SMS of death would involve the recipient's head exploding. Literally.

    A signal that could cause the Li-ion batteries to forcibly discharge at once might qualify, as well, but I wouldn't want to make that call. (pun intended)

    1. Re:Feh. by Anonymous Coward · · Score: 0

      So let me guess, you also think that terms like "blue screen of death" or "red rings of death" are misnomers, and you spend your time going around the internet trying to convince people of that?

  18. Block text messages? by BenFenner · · Score: 1

    What happens if you've blocked all incoming text messages (even from the provider)?

    (Which subsequently produces meat-space spam to arrive I've found.)
    http://www.supercars.net/gallery/132464/1542/873030.jpg

  19. twice ridiculous by toolz · · Score: 4, Informative

    1. This post (and the linked-to article) make a great effort to hide the name of the "conference in Germany". $deity knows why, but the conference was the 27th Chaos Communication Congress (27C3), organised by the Chaos Computer Club.

    2. The "SMS of death" was not new in any way - it was well known and discussed back in 2008 at the 25C3. What the researchers effectively showed was that the manufacturers and the GSM networks had *still* not fixed the problem, even years later!

    --
    You aren't remembered for doing what is expected of you
  20. Executable SMS==MMS. by Anonymous Coward · · Score: 0

    In practice, this is very rare because the carriers have known for a long time that binary payloads may be susceptible to misuse for malicious reasons. Thus, very few originators of short messages are permitted to send binary payloads (or at least when I was doing this a few years ago, maybe now it's different).

    MMS

    1. Re:Executable SMS==MMS. by digsbo · · Score: 1

      I don't think so. When I read the specs in 2007 binary SMS was not the same as the MMS standard.

  21. Who needs hackers? by Anonymous Coward · · Score: 1

    Motorola is WAY ahead of these guys. My Motorola CLIQ with "Blur" already shuts itself off randomly and for no evident reason. Who needs a hacker to remotely shut off your phone against your will when the feature is already built-in? :)

  22. Re:While it might be possible, whats the incentive by GameboyRMH · · Score: 1

    If the telcos really can't stop this you could make some good dough holding their network for ransom. They wire you some cash (not too much, it has to be much cheaper for them to pay, stay in the 5-digit range) or you bring all their phones down. During the ransom call (make sure you've got the guy on a wired phone) you demonstrate your attack on everyone in the office (not using the same source as the actual attack of course, probably best to use an untraceable prepaid or stolen SIM with a USB GSM adapter on a laptop (in a different location controlled via a wifi connection, NOT in your lap as you make the ransom call, which should be from a pay phone, and be sure to power down the GSM modem and destroy it after the attack) for your demonstration attack, and ideally you should avoid using the same exploit code that would be used in the real attack, in case they're able to do something to block the attacks fast enough).

    Although in reality I don't see why it would be so hard to block all SMS messages containing binary executable data that doesn't come from an approved source, unless the packets are all so nondescript that they can't tell one of these messages from a piece of an MMS or something.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
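The filtering idea raised in comments 20 and 22 above (refuse binary payloads unless the originator is approved), sketched as an added example that is not part of the thread or any carrier's code. It assumes SMS-DELIVER TPDUs in hex without an SMSC prefix; the allow-list, phone numbers, sample messages and function names are constructed for illustration.

```python
# Added example: classify an SMS-DELIVER TPDU from its header fields
# (field layout per 3GPP TS 23.040, TP-DCS values per 3GPP TS 23.038).
APPROVED_SENDERS = {"447700900001"}  # hypothetical allow-list, constructed

def is_8bit(dcs):
    """True when TP-DCS marks the user data as 8-bit (binary) data."""
    group = dcs >> 4
    if group <= 0x7:                 # general coding: bits 3..2 select alphabet
        return (dcs >> 2) & 0x3 == 0x1
    if group == 0xF:                 # data coding/message class: bit 2
        return bool(dcs & 0x04)
    return False                     # message-waiting groups carry text

def inspect_deliver(tpdu_hex):
    """Parse the header of an SMS-DELIVER TPDU (no SMSC prefix)."""
    raw = bytes.fromhex(tpdu_hex)
    try:
        if raw[0] & 0x03 != 0x00:
            raise ValueError("not an SMS-DELIVER")
        n_digits, toa = raw[1], raw[2]
        pos = 3 + (n_digits + 1) // 2        # end of TP-OA digits
        # TP-OA digits are BCD with swapped nibbles; 0xF pads odd lengths
        digits = "".join(f"{b & 0xF:X}{b >> 4:X}" for b in raw[3:pos])
        sender = None if (toa >> 4) & 0x7 == 5 else digits[:n_digits]
        dcs = raw[pos + 1]                   # TP-PID is raw[pos]
        udl = raw[pos + 9]                   # after the 7-octet TP-SCTS
    except IndexError:
        raise ValueError("truncated TPDU") from None
    binary = is_8bit(dcs)
    if binary and len(raw) - (pos + 10) != udl:
        raise ValueError("TP-UDL does not match payload length")
    return {"sender": sender, "binary": binary, "udhi": bool(raw[0] & 0x40)}

def verdict(tpdu_hex, approved=APPROVED_SENDERS):
    """Drop binary messages unless the originator is on the allow-list."""
    try:
        info = inspect_deliver(tpdu_hex)
    except ValueError:
        return "drop"                        # unparseable: never forward
    if info["binary"] and info["sender"] not in approved:
        return "drop"
    return "deliver"

# Constructed sample TPDUs (sender, PID+DCS, timestamp, UDL, payload)
HDR, TS = "040C91", "11101021436500"
TEXT = HDR + "447700091032" + "0000" + TS + "02" + "E834"       # "hi", 7-bit
BINARY = HDR + "447700091032" + "0004" + TS + "03" + "010203"   # 8-bit data
TRUSTED = HDR + "447700090010" + "00F5" + TS + "03" + "010203"  # allow-listed
```

The header is enough to tell 8-bit data from text, so the filter never has to guess from the payload bytes; the `udhi` flag is reported but not used for blocking, since ordinary concatenated text messages also carry a user data header.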
  23. Big Deal by Crock23A · · Score: 1

    I used to be able to send an instant message over AOL that would cause the other user's CD-ROM drive to open. It was hilarious while it lasted. There were similar exploits that would boot them off the service.

  24. Would email do the trick? by Anonymous Coward · · Score: 0

    My carrier gives you an email alias through which you can send a text message to the phone. Could you just crank out emails to every number on every carrier that does this?

  25. Ah, memories... so like the Ping Of Death by imgunby · · Score: 1

    Even the names of the old tools, Teardrop and Boink, would be suitable... good times

  26. And this is a bad thing? by Lawrence_Bird · · Score: 1

    It might be highly amusing to expose people for the technocrack addicts that they are. Oh my god! My phone won't work, whatever shall I do?!? Let me just curl up into a ball under this park bench until it's working again.

  27. SMS Content? by salmosri · · Score: 3, Funny

    Anyone know what to put in the message? Just for research purposes....

  28. Boss or wife ? by ceCA · · Score: 0

    Boss or wife? Boss and wife are same person.

  29. Re:While it might be possible, whats the incentive by DarwinSurvivor · · Score: 1

    Have you seen how teenagers text lately? I'd almost have a hard time figuring out if a legitimate text was binary or not...