Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Attack Can Disable Phones Via SMS

Posted by timothy on from the actually-don't-txt-me-lol dept.

Trailrunner7 writes "A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages. The technique that Nico Golde and Collin Mulliner discussed relies on setting up a GSM network and sending specially crafted SMS messages to handsets. The pair showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages they sent."

14 of 62 comments (clear)

  1. /. News Network by Even+on+Slashdot+FOE · · Score: 2

    Today the top story is things we've already reported on. In related news, movie theaters now want to get your cell number when you buy a movie ticket.

  2. Next up twitter? by skids · · Score: 3, Funny

    Seriously, how hard can it be to secure a service that consists of nothing but 180 character text messages and a sending/receiving station address? Were the designers of SMS the morons here, or the phone OS coders?

    --
    Someone had to do it.
    1. Re:Next up twitter? by WrongSizeGlass · · Score: 4, Insightful

      Were the designers of SMS the morons here, or the phone OS coders?

      Probably both.

    2. Re:Next up twitter? by pep939 · · Score: 2

      OOps, saw your comment too late... see my post if you're interested in the subject and want to learn how GSM is (not) protected.

    3. Re:Next up twitter? by timeOday · · Score: 2

      That was originally true, but is either A) no longer true or B) should no longer be true. I don't think any analog networks are still in service, and I don't see why SMS would be sent that way on a network designed for digital payloads. Either way, there are no excuses for this in 2011.

    4. Re:Next up twitter? by Anonymous Coward · · Score: 2, Informative

      I don't think you realize exactly what SMS is.

      SMS was originally a control channel designed for sending configuration and command messages. Then someone noticed it could be used to little text messages "out of band", and shortly after people started using it for mostly that.

      The SMS spec defines all sorts of things you wouldn't believe. You can send binary messages that configure all sorts of things on the handset, or pop up messages on the phone, or even get delivered to applications that are running on the phone or sim card. The sim card is actually a small computer, it has storage, ram, and a processor, some sim cards even run a java variant VM (JavaCard), and they can communicate with the handset using AT commands (how cool is that) and the network with SMS.

      There is a complete port-based delivery system, a hugely complicated encoding mechanism, a complete spec for how to encode xml into compact binary form (wbxml), and dozens if not hundreds of different specs for various messages that can be sent. Want to configure the access points on a phone? yep it can. Want to configure the home page of the browser? yes, download a ringtone? yep, send a picture? of course.

      Now consider the number of handset manufactures, the number of different handsets, with different firmware, and the varying range of support for all these things. It's absolutely no surprise you can crash a phone with a well (or badly) crafted message.

  3. Oh, No. Carriers and Phone Manufacturers will by www.sorehands.com · · Score: 2

    Now Carriers and Phone Manufacturers will blame dropped calls, phone flakiness, phone failures of malicious messages from hackers. Before, it was, "well you have to expect that with radio signals" or sunspots, or that you abused the phone.

    Anything for a cell phone provider to avoid responsibility for their failure to deliver services or features they promised.

    --
    Fight Spammers!
    1. Re:Oh, No. Carriers and Phone Manufacturers will by Linker3000 · · Score: 3, Informative

      The Iphone 4 has a special 'safe-mode grip' the user can do with their hand that blocks these dangerous messages. It's a 'feature'.

      --
      AT&ROFLMAO
  4. Already presented at 27C3 in Berlin in December by mxs · · Score: 3, Informative

    The presentation from the 27th Chaos Communication Congress in Berlin last December (http://events.ccc.de/congress/2010/Fahrplan/events/4060.en.html) is available at http://www.youtube.com/watch?v=8bkg3AjY6fs or http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4060-en-attacking_mobile_phones.mp4 .

  5. Re:Features Phones But Not Smart Phones? by grapeape · · Score: 2

    Why not just have someone send you a message?

  6. Re:Features Phones But Not Smart Phones? by Imabug · · Score: 2

    FTA

    "The researchers only tested their methods on so-called feature phones, not smartphones such as Android devices or iPhones. The reason, they said, is that feature phones still are far more prevalent in most of the world than smartphones are, so the target area is much larger."

    --
    "For I am a Bear of Very Little Brain, and Long Words Bother Me"
  7. Re:Old news by lart2150 · · Score: 2

    Something like this http://mobile.slashdot.org/story/11/01/07/1513258/SMS-of-Death-Could-Crash-Many-Mobile-Phones

  8. Re:It may be in the wild by swanzilla · · Score: 5, Insightful

    Please turn off your computer.

    --
    0 = 1 + e^(Alt something)
  9. This is news? by M3wThr33 · · Score: 4, Funny

    My Palm Pre already locks up and sometimes reboots when I get a regular SMS from anybody.

    I hate my phone.