Security Vendors Ready Fix for 'Curse of Silence' SMS Attack

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

A single malformed text message can prevent some Nokia smartphones from receiving further messages via SMS (Short Message Service) -- and the offending message can be sent from almost any Nokia phone, even non-smartphone models, a German security researcher demonstrated Tuesday.

At least one security software vendor has already released software to protect against the denial-of-service attack, dubbed the "Curse of Silence" by the researcher that demonstrated it at the Chaos Communications Congress in Berlin, organized by Germany's Chaos Computer Club (CCC).

CCC member Tobias Engel showed how smartphones running versions 2.6 through 3.1 of Nokia's Series 60 software running on Symbian OS are unable to receive further messages by SMS or MMS (Multimedia Messaging Service) after receiving malformed text messages. Versions 2.8 and 3.1 of the software will warn of memory problems after one malformed message, and will silently fail after receiving 11 such messages, he said.

The problem is worse for phones running versions 2.6 and 3.0 of the software: they will silently fail after receiving a single malformed message, he said.

The phone must be factory-reset to resolve the problem and allow it to receive text messages once again, Engel said.

Sony Ericsson phones running UIQ software on top of Symbian OS are also vulnerable, security software vendor F-Secure warned Wednesday.

The simplicity of the attack -- it can be launched from almost any Nokia phone with the option to send an SMS text message as "Internet Electronic Mail", including older non-smartphone models -- makes it likely that people will try it just to see what happens, F-Secure said. The attack's nuisance value is increased because mobile phone networks also send notifications of new voicemail by SMS, so an attacked phone may stop advising of new voice messages too, it warned.

The company has developed a fix that can protect vulnerable phones from malformed messages as part of its F-Secure Mobile Security software for smartphones, it said.

Engel suggested a different approach to protecting phones, proposing that network operators deal with the problem by filtering out the malformed messages as they pass through their SMS servers.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
  
Shop Tech Products at Amazon