March 9, 2011, 7:13PM
CanSecWest: Researchers Show Off Method For Disabling Phones Via SMS
4 Comments
VANCOUVER--A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages.
The technique that Nico Golde and Collin Mulliner discussed relies on setting up a GSM network and sending specially crafted SMS messages to handsets. The pair showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages they sent.
The researchers only tested their methods on so-called feature phones, not smartphones such as Android devices or iPhones. The reason, they said, is that feature phones still are far more prevalent in most of the world than smartphones are, so the target area is much larger.
Editor's Pick
"The good thing is that there's no user interaction needed and the attacker can be anywhere in the world," said Mulliner. "We don't need proximity to the device."
The researchers set up their own GSM network using a laptop running OpenBSC and targeted various phones that they purchased on eBay. The targets included a Nokia S40, a variety of LG handsets and Sony Ericsson devices. The messages they sent included a binary payload and in at least one case, they were able to completely brick one of the Sony Ericsson phones.
In other cases, the SMS messages caused the phone to reboot or freeze on a startup screen. In general, the malicious messages weren't visible to the user and didn't register in the phone's SMS log, so the user would have little chance of figuring out what caused the phone to reboot or freeze.
On one of the LG handsets, Mulliner and Golde were able to remotely lock the phone, which, if the PIN option is set, can permanently disable the handset. That method leveraged a buffer overflow in the MMS notification system that the LG handset uses.
Commenting on this Article is closed.
Today's Most Popular
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Dear Jailbreaker, Apple Wants to Have a Word with You
- ZTE Score M Android Phone Found to Have Backdoor Installed
- OPINION: Are Anonymous Members Forged in the Crucible of IT Compliance?
- New P2P Zeus Variant Targets Popular Sites with Bogus Offers
Most Commented Stories
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
22%
Only connect to password-protected, secure connections
37%
Only use websites with HTTPS
27%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 59
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
time to go with a protection app for your mobile device
we've checked out Lookout
https://www.mylookout[dot]com/
and been very impressed. award winning Android app.
This is not the only GMS issue that is out there. GMS needs to be fixed ASAP.
It's actually pretty well known --has been known for a while, too-- that handsets are mostly tested against the few types of base stations Out There and, er, that's it. Malicious input checking? Never needed; all the base stations are made by just a few manufacturers, right? Right?
Well, that's what OpenBSC changed. Phones are still back where computers were back in the eighties. And now we can poke at them. There's more where this came from. Far more.