Researchers at Pennsylvania State University have determined that it's possible to launch an effective denial of service attack on cellphone networks, either in a localized area or nationwide, by flooding known cellphones in the area with SMS messages (see summary, paper and NYTimes article). The attack relies on using web and Internet-based SMS portals to overwhelm the wireless data-band, which is also used for connecting voice calls. Since only messages that are actually delivered over-the-air contribute to the network congestion, attackers would first need to generating a "hit-list" of known-valid cellphones (for example, by scraping websites for cellphone numbers in a given prefix and then slowly testing those for SMS capability before starting the attack).
One snippit from the paper I found interesting was how different cellphone providers deal with a backup of SMS messages awaiting delivery to a single user (e.g. when the cellphone is turned off): AT&T buffered all 400 test SMS messages, Verizon only kept the last 100 messages sent (FIFO eviction), and Sprint only kept the first 30 (LIFO eviction).
Posted by bug to Security at October 5, 2005 9:58 AM | TrackBack