Researchers Reveal SMS-Based Denial of Service Attack Against Popular Phones

Security researchers claim that many feature mobile phones, including some of the most popular models in the world, are vulnerable to SMS-based attacks which can disconnect them from the network or force them to shutdown.

Dubbed the "SMS of Death," this type of attack was presented on Monday at the 27th Chaos Communication Congress (27C3) in Berlin by German telecommunications security researchers Collin Mulliner and Nico Golde.

The two researchers, who work for the Technical University of Berlin's Department of Software Engineering and Theoretical Computer Science, created their own local GSM network in the lab and tested how various devices behave.

It didn't take too long for Mulliner and Golde to discover serious problems with how certain phone models parse SMS messages.

It turns out that just like serving malformed inputs to computer software can generate denial of service conditions, specially crafted SMS messages can trigger crashes on mobile phones.

This was tested on popular models like Nokia S40 and similar, Sony Ericsson W800 and related ones, LG 320, Samsung S5230 Star and S3250, Motorola RAZR, ROKR, SVLR L7 or Micromax X114.

For example, when receiving certain SMS messages, many of the tested Nokia and Sony Ericsson phones experience white screens and shut themselves down.

However, because this happens before they acknowledge receiving the SMSs, the network keeps trying to deliver the messages every time they connect back, which leads to a shutdown loop.

The only method to stop the attack is to take the SIM out and plug it inside a device that isn't vulnerable, so that the SMS receipt can be confirmed.

H Security reports that Samsung devices restart when receiving special multi-part text messages and that their SMS reading function is completely disabled after parsing so called "silent texts."

The LG models experience memory overflows in certain MMS fields, the Motorola phones disconnect from the network, while the screen on Micromax devices goes blank.

The problems is even more serious because even if fixes are provided, installing firmware updates on feature phones is not a common practice for users.

"Manufacturers need to find a way to do firmware updates, and make sure to advertise them," Mulliner said, according to Wired.