Forgot your password?
typodupeerror
Cellphones Security

'SMS of Death' Could Crash Many Mobile Phones 108

Posted by Soulskill
from the can-we-find-better-names-for-these-things dept.
space_in_your_face writes "Research presented at a conference in Germany last week shows that phones don't even have to be smart to be vulnerable to hackers. Using only Short Message Service (SMS) communications, a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. The trick works for handsets made by Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax, a popular Indian cell-phone manufacturer."
This discussion has been archived. No new comments can be posted.

'SMS of Death' Could Crash Many Mobile Phones

Comments Filter:
  • Ahhhhhhhhh (Score:2, Funny)

    by Jimpqfly (790794)
    Peace, at last !
    No more stupid ring tones, no more boss (or wife) calls...
    GREAT !
    • by Anonymous Coward

      You realize there is a "Power" button on your phone?

      By pushing that for 3 seconds, the phone physically powers off, thereby creating the same effect.

      • Re:Ahhhhhhhhh (Score:4, Insightful)

        by Jimpqfly (790794) on Friday January 07, 2011 @11:49AM (#34791562) Homepage Journal
        You have the button, but this is better : you have the EXCUSE
        • by Suki I (1546431)

          You have the button, but this is better : you have the EXCUSE

          My iPhone behaves that way without touching a button or getting a message. Well, I do have to actually power it off myself, but otherwise the effect is identical. Apps just close, the internet just drops, calls end on their own, all with a full signal!

      • by oobayly (1056050)

        But how are you going to play FarmVille & FrontierVille with the phone off?

        Disclaimer: I've farmed in real life, and I really couldn't be bothered with doing it in a game.

        • by lgw (121541)

          Disclaimer: I've farmed in real life, and I really couldn't be bothered with doing it in a game.

          Farm games are old now, and I'm still shocked whenever I see one. I would never have believed that "virtual farming" would catch on! To me, that's right up there with "virtual watching paint dry" and "virtual watching grass grow". Actually, for some crops it is "virtual watching grass grow". I have to admint, I no longer understand today's youth. Kids, lawn, etc.

      • "Why didn't you answer my call. Where were were you. What were you doing? What are you up to?, Soooo.... I'm going to need you to work Saturday".

        vs

        "Aww honey, I tried to call my my phone was acting up. Could you take a look at it."

        "You're lucky my phone was acting up. I almost called you in for a double shift. I was able to catch Smith before he left."

    • by Z00L00K (682162)

      No surprise there - I did already do that back in '02 on a Nokia. I had to move the SIM card to a SonyEricsson phone to delete the offending SMS.

      So it's possible, but the message may have to be specific for the phone/model.

    • by HipToday (883113)
      If I could, I'd mod this redundant. Where I come from boss == wife.
    • Re: (Score:2, Funny)

      by Anonymous Coward

      Peace, at last !

      No more stupid ring tones, no more boss (or wife) calls...

      GREAT !

      Hello quiet my old friend.
      Within the SMS of silence.

      • Hello quiet my old friend. Within the SMS of silence.

        I've noted that pop-culture references to more than 40 years ago do not do well here on the slashdots. (Modulo Star Trek, of course.)

        • What? I got it. Heck we make Burma Shave jokes around here.

          • > Heck we make Burma Shave jokes around here.

            Despite the fact that there are only three of us here who have seen an actual Burma Shave sign.

  • by PPH (736903)
    ... how do I address this 'SMS of death' message to all the phones in my immediate vicinity?
    • Re:So ... (Score:4, Funny)

      by kenrblan (1388237) on Friday January 07, 2011 @11:38AM (#34791396)
      You might need to define vicinity. One option is to send the programmatically SMS of death to every possible combination of mobile phone numbers within you area code. That might hit a few that have roamed outside your area, but would largely accomplish your task.
      • Might be a bit expensive though.

        • by AndrewNeo (979708)

          That's what unlimited text messaging plans are for!

        • by eleuthero (812560)
          Google voice? (they warn that abuse will get sms privileges taken down) but after that happens, there's always AT&T... maybe start with them... their webpage allows sending of sms for free.
          • there's always AT&T... maybe start with them... their webpage allows sending of sms for free.

            ...and there you go. (SMSes of death * shellscript) / unsecured wifi = weapon of mass pwnage.

            • by Firehed (942385)

              Or just email the magic SMS emails. phonenumber@vtext.com and things of that nature. (See 'List of SMS Gateways' on Wikipedia, slashdot has somehow prevented me from pasting the url into the damn box)

        • by mcgrew (92797) *

          Not if you have a BOOST or similar carrier (flat $50/month fee)

      • by TheL0ser (1955440)
        Why limit yourself to your area code? Especially if you live near a college, there's going to be multiple area codes all in one space. The only solution is to wardial the SMS from (000)000-0000 to (999)999-9999 and repeat. Skipping some whitelist of numbers, of course.
        • by jo_ham (604554)

          And if you're in the UK, you'd be stuck too, since all mobile numbers start 07, and have nothing to do with your local area code which only apply to landlines.

        • (000)000-0000 isn't a valid number. The lowest number the area code can be is 201 (first digit [2-9], rest [0-9]). However, the area code can't end in 11, to avoid confusion with 911 and similar numbers.

          Also, 555-0100 through 555-0199 are reserved for use in fiction (though other 555 numbers are valid).

          Source: http://en.wikipedia.org/wiki/North_American_Numbering_Plan#Current_system [wikipedia.org]
          • Oh, additionally, the second group of three digits (the 555 in a 555-XXXX number) can't be 0 anything or 1 anything, so the phone doesn't get confused and try to do an operator assisted or long distance call.
            • Hmm, that would give a regex of: [2-9]([02-9][0-9]|1[02-9])([2-46-9][0-9]{6}|5[0-9][0-46-9][0-9]{4}|555[1-9][0-9]{3}|5550[02-9][0-9]{3})
              (I know, I know, a regex is for matching, not for iterating, but since I'm not using any variable-length operators, you could iterate based on that pattern.)
              Of course, that doesn't account for unassigned/unused [wikipedia.org] NPAs; removing those from the list would shorten it considerably.

        • by yakatz (1176317)
          In North America, phone numbers are always in the form NXX-NXX-XXXX, with N being a digit from 2-9 and X being a digit from 0-9.
          Instead of 10,000,000,000 permutations, you only have 6,400,000,000
          It is called NANPA [nanpa.com] and there are a few other reserved numbers mixed in (for example, in an NXX group, both Xs can not be 1 to avoid confusion with N11 services such as 911).
          Wikipedia [wikipedia.org] also has a good article about this.
      • by demonbug (309515)

        You might need to define vicinity. One option is to send the programmatically SMS of death to every possible combination of mobile phone numbers within you area code. That might hit a few that have roamed outside your area, but would largely accomplish your task.

        Nah, that would never work where I live. University town, nobody bothers to get a new phone number when they move across the country these days. I think we better hit all the mobile numbers, just to be sure. Make sure you sign up for unlimited messaging first, though.

      • by rdnetto (955205)

        1. Carry a picocell base station around with you.
        2. Send SMS of death ...
        3. Profit

        It's worth noting that it isn't necessary to send the SMS, since you can silently block all calls/texts if they're connecting to your station.

    • by mikael (484)

      They set up their own base station using free software. That gives them access to the phone numbers. Then it would just be a matter of sending the SMS messages Even a standard wireless modem would allow a regular PC to send SMS messages via AT commands for GSM/CDMA wireless modems. Some phones support "long messages" which are just short messages chained together by software. There is a maximum of 160 characters with Latin alphabets and 70 characters with Chinese or Arabic alphabets (unicode?). That seems t

    • by Graff (532189)

      ... how do I address this 'SMS of death' message to all the phones in my immediate vicinity?

      Use a cell broadcast [wikipedia.org]!

      • by GNious (953874)

        So set up a fake cell-tower thats configured to get all nearby phones onto it, and then blast them with an SMS Of Death ...

        Me likes...

    • Use the cell broadcast service, that's what it's for.

  • by Even on Slashdot FOE (1870208) on Friday January 07, 2011 @11:35AM (#34791332)

    Sending the "SMS of Death" has become common practice at theaters in order to finally force people's cell phones to stop ringing.

  • So this SMS of death, won't cause the handset to beat the user to death with his/her own shoes ? How bitterly dissapointing.
  • Sure, you might get a few hackers who do it for curiousity to a few numbers with a few types of phones, but eventually they'll get bored and move on to something else. Unless its easy to create binaries that can do something useful to a crim and its easy to send these binaries to ALL types of phones fast then criminal hacker types are unlikely to get involved since its far easier to earn money screwing around with PCs.

    • If the telcos really can't stop this you could make some good dough holding their network for ransom. They wire you some cash (not too much, it has to be much cheaper for them to pay, stay in the 5-digit range) or you bring all their phones down. During the ransom call (make sure you've got the guy on a wired phone) you demonstrate your attack on everyone in the office (not using the same source as the actual attack of course, probably best to use an untraceable prepaid or stolen SIM with a USB GSM adapter

      • Have you seen how teenagers text lately. I'd almost have a hard time figuring out if a legitimate text was binary or not...
  • by rsilvergun (571051) on Friday January 07, 2011 @11:46AM (#34791524)
    I had a cheap Virgin Mobile, and if you looked at it funny it would crash.
    • by Nadaka (224565)

      I had a cheap virginmobile too at one point. It was a rusted out deathtrap of a ford escort that was given to me for free by my older brother. The passenger door was held shut by a bungee cord, the drivers seat bolts were rusted out making it unattached, it vented thick smoky exhaust directly into the cabin through a gaping hole in the dashboard.

    • by mcgrew (92797) *

      You should have seen the LG I had five or six years ago. Crash? It would do all sorts of crazy things, like the screen going backwards, upside down, display garbage.

      I sent it back under warrantee, and the one they replaced it with was even worse.

      So no more LG tech for me, they obviously have some horrible quality control.

    • Did you try looking at it serious?
  • Article didn't really make it clear. Does it render the phone useless enough to require a replacement, or can service be restored? If the former, it strikes me that a company could surreptitiously use this to try to force a customer into renewing their contract with a new phone?
    • by ODSMonkay (884440)
      I could definitely see AT&T doing this. We see your contract has expired and your phone is now a paperweight.
    • by tlhIngan (30335)

      Article didn't really make it clear. Does it render the phone useless enough to require a replacement, or can service be restored? If the former, it strikes me that a company could surreptitiously use this to try to force a customer into renewing their contract with a new phone?

      A power cycle usually fixes it.

      However, sometimes the SMS that killed the phone would crash it before the SMS could be acknowledged, so right after re-registering on the same network, the phone would get the SMS again and crash. Usin

      • by arth1 (260657)

        However, sometimes the SMS that killed the phone would crash it before the SMS could be acknowledged, so right after re-registering on the same network, the phone would get the SMS again and crash. Using a non-vulnerable phone to retrieve the problematic SMS fixes it. Or you can just live without a cellphone for a few days untilt he SMS times out.

        Or pack the phone in hat liner, turn it on, turn off automatic SMS acceptance, restore service, and say "no" to the next SMS.

  • Another pro for using Google Voice and blocking SMS on my cell
  • I was getting 404 errors following the original URL.

    Corrected URL below:
    http://www.technologyreview.com/communications/27021/?p1=MstRcnt [technologyreview.com]

  • it's a feature phone!

  • The article is really light on details, but what about these messages cause a phone to crash? Is the phone executing what is supposed to be textual data? Is this certain data just causing a buffer overflow somewhere? What is actually happening?
    • by maxume (22995)

      They are executing binary data. User messages are supposed to be text, but the carriers also use the SMS infrastructure for other things.

    • by digsbo (1292334)

      For specific purposes carriers may provision SMSC (short message service centers) and GMSC (gateway message service centers) to send binary data to interact with applications on the mobiles.

      In practice, this is very rare because the carriers have known for a long time that binary payloads may be susceptible to misuse for malicious reasons. Thus, very few originators of short messages are permitted to send binary payloads (or at least when I was doing this a few years ago, maybe now it's different).

      This is

      • by u38cg (607297)
        It depends how smart your network provider is. Certainly in the UK, when I was an engineering student people were mucking around with this and all networks would pass on binaries without regards to the source.
  • And people scoff at my 14 year old Qualcomm QCP-1900 [streettech.com]. I'd send them all an SMS of Death, if my phone could send text messages... (sigh) Still. Try defending yourself from a mugger with a Droid or iPhone - hah!
    • by operagost (62405)
      But I can see that the phone supports text messages right from the page you linked to... ?
      • Maybe the GP's phone plan doesn't include text messages.
        • The phone can receive text-messages, but only from the provider -- for things like usage alerts. I originally got it from PrimeCo, now nTelos in my area. The phone was $200 in 1998 and my plan is $15/month (w/taxes) -- no minutes, but I only use it occasionally/for emergencies -- still, it has 6 hours of talk and 2 weeks of standby.

          Someday I may get a current phone, when I have more people to call :-(

          • You could fo to a real low end phone like tracfone. It works out to about $6 a month for a small number of minutes. Of course, you would have to put a brick in your pocket to get the same amount of exercise as lugging around one of the older phones.
  • by Anonymous Coward

    That's not an SMS of death....merely an SMS of irritation.

    An SMS of death would involve the recipient's head exploding. Literally.

    A signal that could cause the Li-ion batteries to forcibly discharge at once might qualify, as well, but I wouldn't want to make that call. (pun intended)

  • What happens if you've blocked all incoming text messages (even from the provider)?

    (Which subsequently produces meat-space spam to arrive I've found.)
    http://www.supercars.net/gallery/132464/1542/873030.jpg [supercars.net]
  • twice ridiculous (Score:5, Informative)

    by toolz (2119) on Friday January 07, 2011 @01:26PM (#34793160) Homepage Journal

    1.This post (and the linked-to article) make a great effort to hide the name of the "conference in Germany". $deity knows why, but the conference was the 27th Chaos Communication Congress (27C3) [events.ccc.de], organised by the Chaos Computer Club [ccc.de].

    2.The "SMS of death" was not new in any way - it was well known and discussed back in 2008 at the 25C3. What the researchers effectively showed was that the manufacturers and the GSM networks had *still* not fixed the problem, even years later!

  • by Anonymous Coward

    Motorola is WAY ahead of these guys. My Motorola CLIQ with "Blur" already shuts itself off randomly and for no evident reason. Who needs a hacker to remotely shut off your phone against your will when the feature is already built-in? :)

  • I used to be able to send an instant message over AOL that would cause the other user's CD-ROM drive to open. It was hilarious while it lasted. There were similar exploits that would boot them off the service.
  • Even the names of the old tools, Teardrop and Boink, would be suitable... good times

  • It might be highly amusing to expose people for the technocrack addicts that they are. Oh my god! My phone won't work, what ever shall I do?!? Let me just curl up into a ball under this park bench until its working again.
  • by salmosri (1051404) on Friday January 07, 2011 @03:05PM (#34794602) Homepage
    Anyone know what to put in the message? Just for research purposes....

Those who do things in a noble spirit of self-sacrifice are to be avoided at all costs. -- N. Alexander.

Working...