CanSecWest: Researchers Show Off Method For Disabling Phones Via SMS

VANCOUVER–A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages.

SMS CanSecWestVANCOUVER–A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages.

The technique that Nico Golde and Collin Mulliner discussed relies on setting up a GSM network and sending specially crafted SMS messages to handsets. The pair showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages they sent.

The researchers only tested their methods on so-called feature phones, not smartphones such as Android devices or iPhones. The reason, they said, is that feature phones still are far more prevalent in most of the world than smartphones are, so the target area is much larger.

“The good thing is that there’s no user interaction needed and the attacker can be anywhere in the world,” said Mulliner. “We don’t need proximity to the device.”

The researchers set up their own GSM network using a laptop running OpenBSC and targeted various phones that they purchased on eBay. The targets included a Nokia S40, a variety of LG handsets and Sony Ericsson devices. The messages they sent included a binary payload and in at least one case, they were able to completely brick one of the Sony Ericsson phones.

In other cases, the SMS messages caused the phone to reboot or freeze on a startup screen. In general, the malicious messages weren’t visible to the user and didn’t register in the phone’s SMS log, so the user would have little chance of figuring out what caused the phone to reboot or freeze.

On one of the LG handsets, Mulliner and Golde were able to remotely lock the phone, which, if the PIN option is set, can permanently disable the handset. That method leveraged a buffer overflow in the MMS notification system that the LG handset uses.

Suggested articles

Discussion

  • G Bickers on

    time to go with a protection app for your mobile device

    we've checked out Lookout 

    https://www.mylookout[dot]com/

    and been very impressed.  award winning Android app.

  • Anonymous on

    This is not the only GMS issue that is out there. GMS needs to be fixed ASAP.

  • Anonymous on

    It's actually pretty well known --has been known for a while, too-- that handsets are mostly tested against the few types of base stations Out There and, er, that's it. Malicious input checking? Never needed; all the base stations are made by just a few manufacturers, right? Right?

     

    Well, that's what OpenBSC changed. Phones are still back where computers were back in the eighties. And now we can poke at them. There's more where this came from. Far more.

  • Anonymous on

    Well, this shouldn't be a surprise, as that all phones control signals are sent over SMS, text messaging is just piggy backing on this

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.