SMS of Death
One would think that as smartphones operate along similar lines to computers they would be open to the same sort of attacks - and they are. But like computers they have anti-virus software and security measures to protect them against malware and hackers. Feature phones, which are a step above plain old cell phones in that they operate limited software so that users can play games, should, theoretically, be safer - and they are. But according to research by a team from the Security in Telecommunications department at the Technische Universitaet Berlin, the SMS protocol used in feature phones can be used to transmit binary programmes containing malicious SMS messages capable of shutting down phones.
It is called the SMS of Death because it not only shuts down a phone but as feature phones make up the bulk of the mobile phone market, it has the potential to cripple communications around the world. It is particularly dangerous because it only needs to be received for it to go to work; users don't have to open it.
Researchers Collin Mulliner (PhD student) and Nico Golde (undergraduate student) tested the effectiveness of the code in a number of different mobile phones, including LG, Motorola, Samsung, Nokia, Sony Ericsson and Micromax, and in each case the SMS was devastating. As reported by technologyreview.com, Mulliner and Golde set up a miniature cellular network, which they shielded with a Faraday cage, so that they could test sending the infected code to mobile phones and monitor the effect on the software.
They found that as software differs according to manufacturer (sometimes even from model to model) the binary programme would have to be adapted to attack specific phones. According to Mulliner, this is not as much work as it sounds because all attackers would have to do is create five different SMSes tailored to the five most popular models and they would be able to knock out a large percentage of mobile communications.
Mulliner says that should an attack occur, network operators are the only thing standing between mobile phone users and a communications blackout. The catch is that they would have to prepare fixes and ensure that firmware on existing phones remains updated.
Aur?lien Francillon, a researcher in the system security group at ETH Zurich in Switzerland, says that defending against mass attacks on feature phones will be difficult as the phones generally don't have automated updates and patches aren't available quickly enough. Francillon says that feature phones may remain vulnerable to such attacks for a long time to come and that as more attention is given to smartphones the problems may never be addressed.