Security Researchers Demonstrate "SMS of Death"

Mobile security concerns often center around high-power smartphones, but at the Chaos Computer Club Congress some German researchers demonstrated even feature phones are vulnerable. By setting up a small GSM test network in the lab, researchers were ab…

Mobile security concerns often center around high-power smartphones, but at the Chaos Computer Club Congress some German researchers demonstrated even feature phones are vulnerable. By setting up a small GSM test network in the lab, researchers were able to test various SMS messages with different malicious payloads. The results were startling.

The German researchers were able to find vulnerabilities in many feature phones from Nokia, Sony Ericsson, and LG. The so-called “SMS of death” had different effects on each handset. Some were just disconnected from the GSM network, others were forced to reboot, but some (including models from Sony Ericsson and Nokia) were rebooted without registering the message as received. That means the network will continue sending the message, making the phone useless. The only way to fix this issue is to put the phone’s SIM card in a non-susceptible phone. 

The researchers stressed that the same vulnerability probably exists in many phones, but they only tested a handful of popular models. If these exploits make it into the wild, unscrupulous individuals could send these messages en masse, forcing a mobile provider to pay up to stop the attack. Now that the details are known to manufacturers, future phones can avoid this problem, but existing feature phones rarely get firmware updates. Fixing current handsets might be a no-go.

phone hack

 

Swearing in Text Messages Isn’t a Crime

The boy, identified by his initials in the ruling, was convicted by a juvenile court judge in Chico, California, of sending threatening or obscene telephone communications, based on two profanity-laced text messages he sent the girl shortly after the breakup last year.

“Fuck u u stupid fuckin girl!,” read one of texts, in part.

A 16-year-old California boy dumped by his high school girlfriend didn’t violate a state obscenity law by using four-letter words in anguished text messages to his ex, an appellate court ruled this week.

“[T]he words … are generally eschewed in polite settings, which is why in court the parties and witnesses generally referred to the ‘F word’ or ‘B word’ or ‘C word,’” wrote Associate Justice Tani Cantil-Sakauye, for the unanimous three-judge panel.

“But each has acquired secondary meanings through modern usage,” the judge wrote. “In particular, the evidence was uncontradicted that these words are in common use at the high school, the venue in which the relationship existed, and in which [the defendant’s] pointed communications about his feelings were sent.”