Text hackers may threaten cell phones
Hackers could take down cellular networks by inundating their popular text-messaging services with spam, researchers say.
Such an attack is possible, the researchers say, because cell phone companies provide the text-messaging service to their networks in a way that could allow an attacker who jams the message system to disable the voice network as well.
And because the message services are accessible through the Internet, cellular networks are open to the denial-of-service attacks that occur regularly online, in which computers send so many messages or commands to a target that the rogue data blocks other machines from connecting.
By pushing 165 messages a second into the network, said Patrick D. McDaniel, a professor of computer science and engineering at Pennsylvania State University and the lead researcher on the paper, "you can congest all of Manhattan."
 | ||
| | |
 For the latest breaking news, visit NYTimes.com Sign up to receive top headlines Get Dealbook, a daily corporate finance email briefing Search the jobs listings at NYTimes.com Search NYTimes.com: | ||
| ||
| ||
Cellular companies acknowledge that such attacks are possible, but say that they have developed systems to prevent effective ones.
"If you're not prepared, that could happen," said Brian Scott, senior manager for wireless messaging operations at Sprint. "If you are prepared and you have means in place to identify, detect and mitigate that, it's not as much of a concern."
Other specialists said such systems would face many of the same obstacles as those that try to block denial-of-service attacks, one of the thorniest problems in countering hackers.
"The solutions don't tend to be very elegant" in the Internet world, said Gary McGraw, chief technical officer of Cigital, a security consultant to the computing and telecommunications industries. "And I believe it will be the same thing on cell phones."
In their research, the authors concluded that all major cellular networks were vulnerable, and that a single computer with a cable modem could do the job. The researchers do not appear to believe that anyone has deliberately disrupted cell phone networks in this way, although it appears to have occurred by accident in other nations.
The text-messaging system, called SMS for short messaging service, is an increasingly important part of the cellular network. Aside from its popularity with users, especially teenagers, it has gained prominence as a way to communicate when voice networks fail, as in emergencies like the terrorist attacks on Sept. 11, 2001.
The system works even when cellular calls do not because text messages are small packets of data that are easy to send, and because the companies transmit them on the high-priority channel whose main purpose is to set up cell phone calls.
But therein lies part of the vulnerability, McDaniel said. The control channel cannot handle large amounts of data, he said, so by flooding the channel with messages, it is possible to prevent voice calls from going through.
"This is a traffic-jam problem," he said. "You're sending too many cars down a two-lane road."
Specialists not connected with the study said that weak link, combined with computers' ability to automatically repeat Internet processes at blinding speed, added up to a serious threat.
"Any time a vulnerability in the physical world exists that can be exploited via computer programs running on the Internet, we have a recipe for disaster," said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins. "It is as though those who wish to harm us have a magic switch that can turn off the cellular network."
The Penn State researchers said that once they began exploring the vulnerabilities of the network, they proved their concepts on a small scale by using their own cell phones.
"We were very, very careful," McDaniel said. "We never sent more traffic than was necessary."
Their research proved that blocking networks was possible, a conclusion they later verified in private conversations with telephone company engineers and government regulators, he said.
One challenge for would-be attackers, according to the paper, is pulling together a list of working cell phones in a specific geographical area. But that, too, is made simpler via the Internet; the authors describe a process using Google and some search tricks that allowed them to collect 7,308 cellular numbers in New York City and 6,184 from Washington "with minimal time and effort." Though the vulnerability is serious, McDaniel said, it is still the kind of thing that could only be carried out by skilled attackers, at least for now.
"It seems to me unlikely that a small number of unsophisticated users would be able to mount this attack effectively," he said.
The paper, to be posted online at
Cellular companies said they were moving forward on this and other security issues.
A spokesman for Cingular, Mark Siegel, said his company "constantly and aggressively monitors potential threats to the integrity and security of its network," but added, "As a rule, we don't comment on the defensive measures we have put in place or may put in place."
Dave Oberholzer, a marketing manager for information at Verizon WirelessVerizon Communications, said the company was well protected against this kind of attack because of software the company had put in place to insulate users from cell phone message spam. "We have fairly robust spam filters on those gateways," he said. "All of that is pretty much automated at this point."
McGraw, the chief technical officer of Cigital, said the goal of research like the Penn State paper was not to help hackers scale new heights, but to alert companies to problems before someone exploited them.
Getting the word out "has to be done very responsibly and very carefully," he said. "You don't want people to panic, but you do want them to sit up take notice and do something about it."
Entire contents, Copyright © 2005 The New York Times. All rights reserved.