Cellphones Communications Security

New Attack Can Disable Phones Via SMS 62

Trailrunner7 writes "A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages. The technique that Nico Golde and Collin Mulliner discussed relies on setting up a GSM network and sending specially crafted SMS messages to handsets. The pair showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages they sent."
  • by Even on Slashdot FOE ( 1870208 ) on Thursday March 10, 2011 @05:17PM (#35447378)

    Today the top story is things we've already reported on. In related news, movie theaters now want to get your cell number when you buy a movie ticket.

  • This was already demonstrated in December https://events.ccc.de/congress/2010/Fahrplan/events/4060.de.html [events.ccc.de] I think there was even a /. submission at that time. Although I can't find it right now...
  • The pair showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages they sent.

    They don't provide any real details or model numbers. They don't mention Android, iOS or Blackberry so they probably can't hit a smartphone with this attack. But there are enough feature phones out there that they can wreak havoc.

    • The pair showed a video demonstration of phones from a wide range of manufacturers...

      Boy it would be nice to actually see said video...

    • by Imabug ( 2259 )

      FTA

      "The researchers only tested their methods on so-called feature phones, not smartphones such as Android devices or iPhones. The reason, they said, is that feature phones still are far more prevalent in most of the world than smartphones are, so the target area is much larger."

    • From TFA:

      The researchers only tested their methods on so-called feature phones, not smartphones such as Android devices or iPhones. The reason, they said, is that feature phones still are far more prevalent in most of the world than smartphones are, so the target area is much larger.

  • by skids ( 119237 ) on Thursday March 10, 2011 @05:19PM (#35447402) Homepage

    Seriously, how hard can it be to secure a service that consists of nothing but 180 character text messages and a sending/receiving station address? Were the designers of SMS the morons here, or the phone OS coders?

    • by WrongSizeGlass ( 838941 ) on Thursday March 10, 2011 @05:20PM (#35447422)

      Were the designers of SMS the morons here, or the phone OS coders?

      Probably both.

      • by Bob_Who ( 926234 )

        Were the designers of SMS the morons here, or the phone OS coders?

        Probably both.

        Don't forget the management, the boardroom, the bankers, and Wall Street in general. It's never about optimizing technology, it's about optimizing the marketing options and fine print so that the corporate monolith can maximize profits. Getting it right would be counterproductive to their strategy. Corporations are just like oligarchs.

      • by gl4ss ( 559668 )

        In the first phones they were the same guys.

        And then later they added to the spec a number of hacky things on top of it, like chained SMSes, WAP settings SMSes.

    • by pep939 ( 1957678 )
      Oops, saw your comment too late... see my post [slashdot.org] if you're interested in the subject and want to learn how GSM is (not) protected.
    • Perhaps that's the problem -- they assumed the messages were only 180 characters, thus were susceptible to buffer overruns.

      In general, this is what happens when you ignore the robustness principle and trust the data you are receiving to be properly formed. Several years ago I was able to crash the login process in Windows NT servers by sending invalid SMB messages, so it's not that uncommon. (This was by accident, I wasn't TRYING to crash the machines, just use them for authentication. And of course Wind
      • Perhaps that's the problem -- they assumed the messages were only 180 characters, thus were susceptible to buffer overruns. In general, this is what happens when you ignore the robustness principle and trust the data you are receiving to be properly formed. Several years ago I was able to crash the login process in Windows NT servers by sending invalid SMB messages, so it's not that uncommon. (This was by accident, I wasn't TRYING to crash the machines, just use them for authentication. And of course Windows NT was designed so that you cannot shut it down gracefully once the login process is gone...)

        Thank god nothing like that can happen today - USB driver bug exposed as "Linux plug&pwn" [h-online.com]

        Rafael Dominguez Vega of MRW InfoSecurity has reported a bug in the Caiaq USB driver which could be used to gain control of a Linux system via a USB device. The bug is caused by the device name being copied into a memory area with a size of 80 bytes using strcpy() without its length being tested. A crafted device with a long device name could thus write beyond the limits of this buffer, allowing it to inject and execute code. Because the driver is included, and automatically loaded, in most Linux distributions, to execute code in kernel mode an attacker would merely have to connect such a device to a Linux system's USB port.
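As an added example (not code from the original thread, the researchers, or the Caiaq driver): the comment about SMS buffer overruns above and the Caiaq report just quoted describe the same defect class, a length taken from untrusted input (the declared SMS payload length, the USB device name) used without checking it against the bytes actually received or the destination buffer. The C below uses a constructed, simplified PDU layout (one length byte followed by 8-bit user data; the real 3GPP TS 23.040 encoding is more involved) and shows the trusting copy beside a checked version, plus a bounded name copy in place of the unbounded strcpy() the report describes. The function names, the PDU layout and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return codes for the checked parser. */
enum { SMS_OK = 0, SMS_ERR_TRUNCATED = -1, SMS_ERR_TOO_LONG = -2 };

/*
 * Hypothetical, simplified "PDU" layout used only for this example:
 *   byte 0     : user-data length (UDL), as declared by the sender
 *   bytes 1..N : user data, one byte per character
 */

/* The trusting version: copies as many bytes as the header claims.
 * If UDL exceeds the bytes actually received, or the size of 'out',
 * this reads past the PDU and/or writes past 'out'. Shown for contrast
 * with the checked version below; it is never called here. */
void copy_user_data_unchecked(const uint8_t *pdu, char *out)
{
    uint8_t udl = pdu[0];
    memcpy(out, pdu + 1, udl);   /* udl bounded by nothing */
    out[udl] = '\0';
}

/* Checked version: validate the declared length against both what was
 * actually received and the destination buffer before copying. Returns
 * the number of bytes copied, or a negative SMS_ERR_* code. */
int copy_user_data_checked(const uint8_t *pdu, size_t pdu_len,
                           char *out, size_t out_sz)
{
    if (pdu == NULL || out == NULL || out_sz == 0)
        return SMS_ERR_TRUNCATED;
    if (pdu_len < 1)
        return SMS_ERR_TRUNCATED;      /* no UDL byte at all */

    size_t udl = pdu[0];
    if (udl > pdu_len - 1)
        return SMS_ERR_TRUNCATED;      /* header promises more than arrived */
    if (udl >= out_sz)
        return SMS_ERR_TOO_LONG;       /* would not fit with a terminator */

    memcpy(out, pdu + 1, udl);
    out[udl] = '\0';
    return (int)udl;
}

/* Bounded replacement for the strcpy()-into-80-bytes pattern: scans at
 * most out_sz bytes for the terminator and rejects the input outright if
 * none is found, instead of silently truncating. Returns 0 on success,
 * -1 if the name does not fit. Rejecting the device is the safer policy
 * for something a driver later treats as a trusted string. */
int copy_name_bounded(const char *src, char *out, size_t out_sz)
{
    if (src == NULL || out == NULL || out_sz == 0)
        return -1;
    size_t n = 0;
    while (n < out_sz && src[n] != '\0')
        n++;
    if (n == out_sz) {                 /* no terminator within the bound */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, src, n + 1);           /* includes the terminator */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const uint8_t good[]  = { 5, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t lying[] = { 200, 'h', 'i' };   /* claims 200 bytes, sends 2 */
    char buf[16];
    char name[80];

    int r = copy_user_data_checked(good, sizeof good, buf, sizeof buf);
    printf("well-formed PDU: %d bytes (%s)\n", r, buf);
    r = copy_user_data_checked(lying, sizeof lying, buf, sizeof buf);
    printf("lying PDU: rejected with %d\n", r);
    printf("short name: %d\n", copy_name_bounded("usb-audio", name, sizeof name));
    return 0;
}
```

The checked parser compares the declared length against two independent bounds, the bytes that actually arrived and the space available, because either one alone leaves the other overflow open; the name copy treats "no terminator within the buffer" as a reason to reject rather than a reason to shorten.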

        • by sjames ( 1099 )

          So you're saying the caiaq is a trap?

          • So you're saying the caiaq is a trap?

            By whom? And even if it were - this is about a "this type of error was made fun of 20 years ago" boo-boo inside a major OSS project unnoticed for years. If a trap that mind-numbingly stupid can avoid detection, the whole idea of "it's safe because anyone can check the source code" is destroyed by the fact that actually nobody bothers to do that thinking somebody else already has.

    • Because it wasn't designed to send 180 character messages, it was a random hack a brilliant engineer figured out after the system was built to bring in extra revenue from an existing setup.

      • That was originally true, but is either A) no longer true or B) should no longer be true. I don't think any analog networks are still in service, and I don't see why SMS would be sent that way on a network designed for digital payloads. Either way, there are no excuses for this in 2011.
    • by Anonymous Coward

      I don't think you realize exactly what SMS is.

      SMS was originally a control channel designed for sending configuration and command messages. Then someone noticed it could be used to send little text messages "out of band", and shortly after people started using it for mostly that.

      The SMS spec defines all sorts of things you wouldn't believe. You can send binary messages that configure all sorts of things on the handset, or pop up messages on the phone, or even get delivered to applications that are running on t

    • Neither. To perform these attacks it's necessary to set up a fake GSM "network" -- you can't do it from another phone over a carrier network. Whether this should have been anticipated and handled depends on how likely we all thought it would be that somebody would actually set up their own GSM station.

      The problem isn't necessarily crappy code, it's trusting that the bits coming over the GSM network have a certain level of sanity -- this is a reasonable assumption as long as people aren't setting up their ow

      • by sjames ( 1099 )

        Considering the decades long saga of phreaking that all got started because they let random people send arbitrary commands within the network (based on the false belief that nobody would figure it all out), you'd think they would be a bit more sensitive to that sort of thing this time around.

    • by sjames ( 1099 )

      Definitely the OS coders. Much the same way the IETF wasn't to blame for the ping of death [wikipedia.org].

  • Now Carriers and Phone Manufacturers will blame dropped calls, phone flakiness and phone failures on malicious messages from hackers. Before, it was, "well you have to expect that with radio signals" or sunspots, or that you abused the phone.

    Anything for a cell phone provider to avoid responsibility for their failure to deliver services or features they promised.

    • Now Carriers and Phone Manufacturers will blame dropped calls, phone flakiness and phone failures on malicious messages from hackers. Before, it was, "well you have to expect that with radio signals" or sunspots, or that you abused the phone.

      Anything for a cell phone provider to avoid responsibility for their failure to deliver services or features they promised.

      Worse. They'll start implementing some sort of filtering for this, even for phones that aren't affected. And then they'll claim they're "justified" in charging through the nose and/or teeth for SMS messages (as well as increasing the price regardless, naturally) because of all these wonderful, magical filters they're providing. The fools! Why did they have to report this? They've doomed us all!

    • by Linker3000 ( 626634 ) on Thursday March 10, 2011 @08:47PM (#35449068) Journal
      The Iphone 4 has a special 'safe-mode grip' the user can do with their hand that blocks these dangerous messages. It's a 'feature'.
  • It's old news really... I remember Karsten Nohl talking about this at the end of 2009. Check out this CCC talk, gave me lots of ideas for a USRP I had access to at the time: http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html [events.ccc.de]
  • by mxs ( 42717 ) on Thursday March 10, 2011 @05:30PM (#35447518)

    The presentation from the 27th Chaos Communication Congress in Berlin last December (http://events.ccc.de/congress/2010/Fahrplan/events/4060.en.html) is available at http://www.youtube.com/watch?v=8bkg3AjY6fs [youtube.com] or http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4060-en-attacking_mobile_phones.mp4 [fem-net.de] .

  • by Anonymous Coward
    My LG likes to turn itself off on a whim (doesn't matter the battery level)... so it acts flaky enough by itself.... I'd never know if it was hit by this.
  • I received a specially crafted SMS message the other day that caused my phone to power off. The text of the message was "Please turn off your phone."

  • From the SMS-o-Death [events.ccc.de] talk from the 27th Chaos Communication Congress last year:

    Using only Short Message Service (SMS) communications—messages that can be sent between mobile phones—a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. As well as text messages, the SMS protocol can be used to transmit small programs, called "binaries," that run on a phone.

    This was also covered HERE ON SLASHDOT, 'SMS of Death' Could Crash Many Mobile Phones [slashdot.org].

  • by M3wThr33 ( 310489 ) on Thursday March 10, 2011 @06:59PM (#35448378) Homepage

    My Palm Pre already locks up and sometimes reboots when I get a regular SMS from anybody.

    I hate my phone.

  • AFAIK, SMS rides on the cell control network. I assume it works by sending SMS control messages to devices on the network. It shouldn't surprise anybody that you can break things via SMS, it is surprising that it isn't more common. Anyone know if there is an open standard for the control structure?

  • A lot of phones (including Androids) have issues when receiving SMS and MMS; the other day we had a problem with a certification made by a carrier that failed. Our software was getting disconnected when an MMS arrived (not even downloaded); turns out the phone connection was getting completely locked for more than 1 minute, and that only happened with said carrier; with another, the issue only happened when the MMS was downloaded. The whole thing is a mess, both from manufacturers and carriers.
  • From TFA:

    "The good thing is that there's no user interaction needed and the attacker can be anywhere in the world," said Mulliner. "We don't need proximity to the device."

    Are the researchers evil or what?

  • This was demonstrated at 27c3.

    Also, you don't need to set up your own network, having a Motorola C123 and a serial cable is enough.

  • I noticed that the iPhone was not one of these, I guess it is funny, but they just unwittingly added a few more bucks to the price of Apple stocks......unless of course this was the plan all along. I truly wonder, unless you have some proof of concept properly defined and able to be checked by peers, just how much some of these stories are real, and others are faked. Remember that study about the shots and the MS....how the study was faked, I am sure there is a lot of rampant faking going on, at least I kno
