Dumb phones can be attacked too
Researchers say they can send specially crafted SMS-type messages to non-smartphones, kicking the user off the network or even crashing the phone.
Much of the discussion of security threats to mobile phones revolves around smartphones, but researchers have found that less advanced "feature phones," still used by the majority of people around the world, also are vulnerable to attack.
Feature phones have Web browsing, MP3 players, and other programs standard voice-only phones lack, but they have less computing power and feature integration than smartphones.
Because security research on feature phones has been eclipsed by research on popular smartphones like Android and iPhone, mobile researcher Collin Mulliner said he decided to turn his attention to the lower-end phones. After all, so many people are still using them. (Mulliner and another researcher demonstrated an SMS-type attack on my iPhone at the BlackHat security conference in 2009).
Mulliner, a PhD student at Technical University Berlin, and one of his master's degree students, Nico Golde, discovered a way to knock people using feature phones off the mobile network and even crash the phones entirely. They did this by writing special software to send SMS-type messages to the phone that used special characters, which caused the device to disconnect from the network, Mulliner told CNET today. In some cases, the phone would just shut down after several such messages were sent, he said.
The code needs to be written specifically to target the individual mobile phone brands and Mulliner found that it worked on feature phones from all the major manufacturers. The researchers contacted Nokia, Sony Ericsson and Motorola, but are still trying to reach Samsung and LG, he said.
So far, the manufacturers are taking the matter seriously, according to Mulliner. For instance, Nokia said they would fix the problem, which is not evident in their brand new feature phones, he said.
The researchers demonstrated an attack during a presentation entitled "SMS-o-Death" given a few weeks ago at the Chaos Communication Congress, a hacker conference in Berlin. They did not publish the code to conduct these attacks.
Attackers, if they were were able to write attack code from scratch on their own, could send the malicious code as an SMS directly to a phone number, or cut and paste it into a Web form of an online-based SMS sending service, according to Mulliner.
Speculating on possible motivations for wanting to attack phones in this way, Mulliner said someone could target a specific executive or government official for financial or political purposes or launch a large-scale attack on a multitude of phones to try to blackmail or harm a carrier's business.
The easiest way to solve the problem would be for manufacturers to produce updates for the phones, but because there is no automatic update process as with smartphones, they would have to notify customers to download an update from the manufacturer Web site, Mulliner said.
Also, carriers could send an alert to customers about the availability of an update and could even update the phone software remotely for the phones that support that, he said. Meanwhile, operators could filter out dangerous messages before they reach the phone, if they monitored for the specific attack code as identified by the researchers for each brand of phone.
"Basically, you can't do anything about it if you have a vulnerable phone," Mulliner said, when asked what individuals can do to protect themselves. "People should contact the manufacturer to ask for an update and ask the operator to protect them by filtering out the messages."