Researchers from the Berlin Institute of Technology used the simple trick of imitating the data messages network providers send to phones. Usually the messages are used for tasks such as configuring the device for a particular provider, but they can easily be subverted.
Perhaps surprisingly, the attack targets regular “feature phones” rather than smartphones. Feature phones are so-called because they typically perform one or two other tasks, such as MP3 playback or web browsing, in addition to making calls.
Feature phones are significantly less expensive than smartphones, so although smartphones get most of the press attention, feature phones are what most of the world’s population actually uses. The scale of the hack could therefore be huge.
The researchers made their discoveries by creating their own testbed cell phone tower in a lab shielded from outside signals. They monitored communications from the phone and by doing so were able to create messages that attacked every single model of phone they studied.
To attack an individual’s phone, one would need to know the make and model. However, a large-scale random denial of service attack would be easy to carry out: with a little research to find the most popular phone models on the market today, an attacker could send a series of messages targeting each phone to specific or random numbers via the various Internet gateways that allow bulk text message sending. Anybody receiving the dodgy message would have their phone silently switch off, without their knowledge. If the hack didn’t work on a user’s particular model of phone, it would simply be ignored as gibberish.
Of course, the researchers are keeping their exact methods secret, but now that the cat is out of the bag, it won’t be long until hackers come up with their own versions.
There’s little that can be done to thwart attacks. Phone firmware could be reprogrammed to block such messages, but the majority of non-smartphone owners simply don’t update their phones. Many aren’t even aware it’s possible, and those who are often avoid doing so for fear of updating to buggy software, something that sadly is all too common. Inexpensive phones often come without a USB cable, making updating impossible unless one is purchased.
Service providers could filter out the messages from their network but, although filtering software is often already in place to capture spam, it doesn’t presently have the ability to catch data messages, such as those used in the attack.
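As an added illustration of the provider-side filtering described above (this code is not from the article or the researchers), the following Python sorts SMS-DELIVER TPDUs, laid out as in 3GPP TS 23.040, into text, data and hold. It assumes that a “data message” means 8-bit data coding or a port-addressed user data header; the function names, verdict labels and sample TPDUs are constructed for this example.

```python
# Added example, not from the article: triage SMS-DELIVER TPDUs (3GPP TS 23.040).
# Assumption: a "data message" has 8-bit data coding or a port-addressing header.
PORT_IEI = {0x04: 1, 0x05: 2}  # port-addressing element id -> octets per port

def alphabet(dcs):
    """Map a TP-DCS octet (3GPP TS 23.038) to '7bit', '8bit' or 'ucs2'."""
    if dcs < 0x80:  # general data coding; reserved value 3 is read as 7-bit
        return ("7bit", "8bit", "ucs2", "7bit")[(dcs >> 2) & 3]
    if dcs & 0xF0 == 0xF0:  # data coding / message class group
        return "8bit" if dcs & 0x04 else "7bit"
    return "ucs2" if dcs & 0xF0 == 0xE0 else "7bit"  # message-waiting groups

def header_elements(ud):
    """Split a user data header into (IEI, data) pairs; raises on bad lengths."""
    end, out, i = ud[0] + 1, [], 1  # ud[0] is the header length octet (UDHL)
    while i < end:
        iei, stop = ud[i], i + 2 + ud[i + 1]
        if stop > min(end, len(ud)):
            raise ValueError("element runs past the header")
        out.append((iei, ud[i + 2:stop]))
        i = stop
    return out

def classify(tpdu_hex):
    """Return (verdict, reason); verdict is 'text', 'data' or 'hold'."""
    try:
        b = bytes.fromhex(tpdu_hex)
        if b[0] & 0x03:  # TP-MTI must be 00 for SMS-DELIVER
            return "hold", "not an SMS-DELIVER"
        pos = 3 + (b[1] + 1) // 2  # skip the originating address; pos is TP-PID
        coding, udl, ud = alphabet(b[pos + 1]), b[pos + 9], b[pos + 10:]
        if len(ud) != ((udl * 7 + 7) // 8 if coding == "7bit" else udl):
            return "hold", "TP-UDL disagrees with payload size"
        if b[0] & 0x40:  # TP-UDHI set: user data starts with a header
            for iei, data in header_elements(ud):
                if iei in PORT_IEI:  # destination port comes first
                    port = int.from_bytes(data[:PORT_IEI[iei]], "big")
                    return "data", "destination port %d" % port
    except (ValueError, IndexError):
        return "hold", "malformed TPDU"
    return ("data", "8-bit payload") if coding == "8bit" else ("text", coding)

OA, TS = "0B915155100021F3", "11101021000000"  # made-up sender and timestamp
SAMPLES = {  # constructed inputs, not captured traffic
    "plain text": "04" + OA + "0000" + TS + "0A" + "E8329BFD4697D9EC37",
    "concatenated UCS2": "44" + OA + "0008" + TS + "0A" + "0500032A020100480069",
    "port-addressed data": "44" + OA + "0004" + TS + "0A" + "0605040B8423F0010203",
    "truncated header": "44" + OA + "0004" + TS + "03" + "FF0500",
}
print({name: classify(tpdu) for name, tpdu in SAMPLES.items()})
```

A multi-part text message also carries a user data header, so the header bit alone is not a usable signal; the classifier looks at the data coding and the header elements instead, and holds anything whose length fields disagree with the bytes present.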
The good news is that the relative simplicity of feature phones means that the hack is limited to annoying tricks, such as turning off the phone. It will be almost impossible for attackers to inject their own code into phones in order to steal data, for example, something which is possible with higher-level smartphones such as the Apple iPhone and, potentially, devices running Google Android.
It’s been an uneasy time recently in the world of mobile phone security. Last year it was shown how GSM phone communications can be hacked with just $1500 of hardware, allowing attackers to listen in on communications.
A video of the presentation by the researchers behind the ‘SMS-o-Death’ hack, Nico Golde and Collin Mulliner, is available online.
Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas.