Crash a Mobile Phone by Sending an SMS

How to Crash a Mobile Phone by Sending an SMS: Nokia 6210, Nokia 3310, Nokia 3330 has Software BUG!

Broken message, frozen phone - By John Leyden

Black Hat Europe So now you can send an SMS and crash a mobile phone, so that the user is locked out.

Job de Haas, a security researcher at ITSX, has adapted a program called sms_client, which sends an SMS message from an Internet-connected PC, in which the User Data Header is broken.

During a presentation during the Black Hat conference last week, he demonstrated how a malformed message crashes a Nokia 6210 phone on its receipt. Once the message is received it is impossible to turn on an infected phone again.

The vulnerability is tied to the software used by a phone. The flaw affects Nokia 6210, 3310 and 3330 phones, de Haas has discovered, but not a Siemens phone he tried. Phones from other manufacturers are yet to be tested.

To fix the problem users have to put a SIM card into a phone without the bug. Alternatively if the SMS message is registered in a user's In-box this could be deleted with a SMS management tool on a PC.

To repeat the exploit requires knowledge of SS7 signalling and telco protocols to adapt sms_client into an attack tool. But given the power of the attack security through obscurity doesn't appeal. The kicker is that the modified sms_client makes it trivial to spoof the source of any attack.

Nokia told us that sending a message which freezes a phone is "something it encountered" before. The company is unfamiliar with the exploit uncovered by ITSX, which comes as a new twist even to clued-up Black Hat attendees. It promises to get us a more detailed technical response, and we'll update you when this becomes available.

Source: http://www.theregister.co.uk/2001/11/28/how_to_crash_a_phone/