Malicious SMS messages could knock out the entire US mobile phone network, according to researchers.
Hackers armed with a network of zombie computers could exploit weaknesses in the texting protocol to take down the whole system, security boffins at Pennsylvania State University have claimed.
It is easy enough to build up databases of mobile numbers from specific regions and then flood those numbers with unwanted text messages. Attackers could use publicly available websites or messaging clients on zombie computers to send the text messages, which could eventually jam up the mobile towers that carriers use to send and receive SMS messages.
Because mobile phones use the same small portion of radio frequency, called the control channel, to both set up calls and send SMS messages, a flood of SMS messages could overwhelm a tower and effectively prevent any telephone calls from going through.
This denial-of-service (DoS) technique has been successfully used for years to take down websites, but to date, it has not been used on mobile networks. To be most successful, the attack would need to target telephones within a certain geographic region, but the researchers said that this can be done by using public databases and creative Google searches.
In fact, it would take little more than a cable modem to deny service to large metropolitan areas in the US. For example, a city the size of Washington DC could be taken out by a DoS attack with a bandwidth of about 2.8Mbit/s, they said.
"The amount of bandwidth that's allocated to the control channel is exceedingly small," said Patrick McDaniel, a professor of computer science and engineering at the university and one of the authors of the report. "The reason why we can mount this attack with so few messages is the fact that there's so little control channel bandwidth to be congested."
In fact, some European networks have already been overwhelmed when legitimate SMS messaging has hit unexpectedly high levels, McDaniel said. "It's happened by accident," he said.
Though McDaniel and his fellow researchers said they expect US carriers to change practices in response to their research, the report did not come as a surprise to some.
"We're aware of this potential, and it is a very limited potential," said John Polivka, a spokesman for Sprint Nextel. "We have measures in place now to protect the network and our customers, including what's been described in this paper."
Even a successful attack would, at best, shut down most networks for only a short period of time, said Shiv Bakhshi, director of wireless infrastructure research with IDC. "Every network operator has to be aware of this," he said. "If for no other reason than they have seen such clogging with the legitimate use of SMS messaging."
Still, the researchers have a few basic recommendations that could significantly mitigate the risk of this type of attack, McDaniel said. Mobile operators could, for example, separate the text messaging and phone call initiation features within the control channel. They could also make it harder for attackers to do on-line reconnaissance by reducing the amount of information they provide on the Internet, he said.