The SMS of Death Mobile Phone Attack Explained

Monday, March 21, 2011



SMS of Death attacks, which can disable a mobile phone, are exacerbated by a standard message transmission protocol used by carrier networks.

SMS text messages are cached by the carrier and sent repeatedly until a phone replies that the message has been received.

In an SMS of Death attack, a malformed message is sent to the target phone which can not be properly received, so no reply is sent to the network. The network will continue to try to send the malformed message and effectively disable the phone in the process.

"The so-called SMS of death attacks were unveiled late last year at a hacker conference in Berlin. They use special binary characters and overflowed headers to temporarily crash most older models made by manufacturers including Nokia, Samsung, Sony Ericsson, LG, Motorola, and Micromax. Carrier networks often aggravate the attacks by bombarding the target with the same malicious message, making them an inexpensive way to take a phone completely offline," writes Dan Goodin of the The register UK.

Furthermore, some cell phones are enabled with a "watchdog" feature that will itself render the phone inoperable after receiving three of the malformed messages. This feature is present in all Nokia phones sold prior to 2010.

Researchers note that the attack is both simple and inexpensive to conduct, which makes it attractive to attackers.

“With this bug, you can basically shut down a phone with one SMS and let the network do the retransmission all the time. For very cheap, you can have the network attack the phone for you," Collin Mulliner, a Ph.D. candidate at the Berlin Institute of Technology, told The Register UK.

Mulliner and colleague Nico Golde presented their SMS of Death research at the CanSecWest conference in British Columbia where the highly touted Pwn2Own hacking contest is held.

The researchers said the attacks would most likely be used against "social enemies and business rivals," and that the techniques could also be used in conjunction with bulk SMS services and smartphone botnets.

Although the attacks do not seem to affect smartphones, more than eighty percent of users world-wide still use mobile devices susceptible to the technique.


Possibly Related Articles:
PDAs/Smart Phones
Mobile Phones Vulnerabilities Attacks Headlines Text Messages CanSecWest SMS of Death
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.