Malicious text messages can crash many types of mobile phones, including devices by Samsung, Sony Ericsson, Motorola and LG, according to a presentation given at the Chaos Communication Congress hacking conference this week in Berlin.
Nicknamed ‘SMS of Death,’ the attacks were outlined by Collin Mulliner, a security researcher at the Technical University in Berlin and his colleague, Nico Golde.
After establishing a GSM network in their lab, the two sent thousands of messages to a variety of phones. Some phones had their calls interrupted during testing, others got disconnected from their network. Some phones, however, were “bricked,” or rendered inoperative by the malicious text messages.
Phones by Samsung for example were particularly hit hard when sent multi-part text messages. Phones by the handset manufacturer LG were also found to be adversly affected by strategically-composed MMS messages.
These types of phones, known as “feature phones,” still comprise 85 percent of the world’s cell phones. While they allow their users to listen to MP3s and surf the web, they’re less advanced than Androids and iPhones and rarely receive firmware updates.
As smartphones grow more popular, so do their security shortcomings. This summer brought the first SMS Trojan for Android. And cracks were also found in code for the iPhone and Blackberry. This week, researchers at Lookout Security said they had discovered a data stealing Trojan horse program that works on Android phones and that communicates with botnet-style command and control servers on the Internet.
Mulliner encouraged manufacturers carry out more stringent firmware updates for older phones, warning that ‘SMS of Death’ attacks are further proof that attackers’ aren’t completely focused on newer smartphone platforms.