November 28, 2003

Cell Phone Security Weakness: DoS via SMS

Now here is something I haven't thought about until today. Apparently cell phone providers do not currently have a way to block SMS messages during an attack... which means you can launch a Denial of Service by flooding a cell phone with text messages. What is worse is that while these messages are coming in (and you try to clear them) your phone cannot be used for sending or receiving calls.

Security of handhelds is far too lax, and this is something I have been considering for a while now. My own Intrusion Prevention System could easily be ported to PocketPC, but I haven't figured out if anyone would actually BUY it. I am waiting till the main product launch before I do some market research to see what the market thinks.

Sometimes I think the attack vector is huge with these things... kinda like the old modem back doors in corporate networks. I beam you a trojan... wait till you sync to your desktop... and then go to town.

So, if you have SMS... you might want to turn it off. Especially if you get billed for each incoming message. Nothing like being DoS'd and then getting a bill for $50 in messaging charges to boot!

Posted by SilverStr at November 28, 2003 11:25 AM

Comments
Every once in a while someone will sit on their phone wrong and flood me with messages. I'd get them all at once, quite annoying. Not as bad as when someone sits on their phone and calls you though... :)

Posted by: Arcterex at November 28, 2003 12:05 PM

Hey, don't look at me. I have enough sense to lock my keys :)

Posted by: SilverStr at November 28, 2003 12:11 PM

I've never thought of it until now, but ever since I got one of those Samsung flip phones, I've never ever accidentally called someone... e.g. when leaning against a counter or something.

Posted by: Wim at November 29, 2003 12:08 AM

This boggles the mind - really it does! I created a simple demo to highlight exactly the SMS problem you described above! Please visit: http://applesandoranges.netfirms.com/ Don't send 1000 SMS messages or it'll cost a Cingular customer $100. Geez, security sucks! Thanks!

Posted by: vengy at January 12, 2004 10:44 AM