New Attack Can Disable Phones Via SMS 62
Trailrunner7 writes "A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages. The technique that Nico Golde and Collin Mulliner discussed relies on setting up a GSM network and sending specially crafted SMS messages to handsets. The pair showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages they sent."
Already presented at 27C3 in Berlin in December (Score:4, Informative)
The presentation from the 27th Chaos Communication Congress in Berlin last December (http://events.ccc.de/congress/2010/Fahrplan/events/4060.en.html) is available at http://www.youtube.com/watch?v=8bkg3AjY6fs [youtube.com] or http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4060-en-attacking_mobile_phones.mp4 [fem-net.de] .
Re:Next up twitter? (Score:2, Informative)
I don't think you realize exactly what SMS is.
SMS was originally a control channel designed for sending configuration and command messages. Then someone noticed it could be used to little text messages "out of band", and shortly after people started using it for mostly that.
The SMS spec defines all sorts of things you wouldn't believe. You can send binary messages that configure all sorts of things on the handset, or pop up messages on the phone, or even get delivered to applications that are running on the phone or sim card. The sim card is actually a small computer, it has storage, ram, and a processor, some sim cards even run a java variant VM (JavaCard), and they can communicate with the handset using AT commands (how cool is that) and the network with SMS.
There is a complete port-based delivery system, a hugely complicated encoding mechanism, a complete spec for how to encode xml into compact binary form (wbxml), and dozens if not hundreds of different specs for various messages that can be sent. Want to configure the access points on a phone? yep it can. Want to configure the home page of the browser? yes, download a ringtone? yep, send a picture? of course.
Now consider the number of handset manufactures, the number of different handsets, with different firmware, and the varying range of support for all these things. It's absolutely no surprise you can crash a phone with a well (or badly) crafted message.
Re:Oh, No. Carriers and Phone Manufacturers will (Score:4, Informative)