IDG News Service - Hackers armed with a moderate-size network of zombie computers theoretically could knock out cellular service throughout the U.S., according to security researchers at Pennsylvania State University.
In a report published yesterday, the researchers explained how such an attack could exploit weaknesses in Short Messaging Service (SMS), which is used to send and receive text messages between mobile phones.
By engaging in a little creative hacking, attackers could build up databases of mobile numbers from specific regions and then flood those numbers with unwanted text messages. Attackers could use publicly available Web sites or messaging clients on zombie computers to send the text messages, which could eventually jam up the cellular towers that carriers use to send and receive SMS messages from mobile phones.
Because mobile phones use the same small portion of radio frequency, called the control channel, to both set up calls and send SMS messages, a flood of SMS messages could so overwhelm a cellular tower that it would effectively prevent any new telephone calls from going through.
This technique, called a denial-of-service (DoS) attack, has been used successfully to take down Web sites, but to date, it has not been used on cellular networks, the researchers said.
To be most successful, the attack would need to target telephones within a certain geographic region, but the researchers said this can be done by using public databases and creative Google searches.
In fact, it would take little more than a cable modem to deny service to large metropolitan areas in the U.S. For example, a city the size of Washington could be taken out by a DoS attack with a bandwidth of about 2.8Mbit/sec., they said.
"The amount of bandwidth that's allocated to the control channel is exceedingly small," said Patrick McDaniel, a professor of computer science and engineering at Penn State and one of the authors of the report. "The reason why we can mount this attack with so few messages is the fact that there's so little control channel bandwidth to be congested."
Some European networks have already been overwhelmed when legitimate SMS messaging has hit unexpectedly high levels, McDaniel said. "It's happened by accident," he said.
Though McDaniel and his fellow researchers said they expect U.S. carriers to change practices in response to their research, the report did not come as a surprise to some.
"We're aware of this potential, and it is a very limited potential," said John Polivka, a spokesman for Sprint Nextel Corp. "We have measures in place now to protect the networkand our customers, including what's been described in this paper."
Even a successful attack would, at best, shut down most networks for only a short period of time, said Shiv Bakhshi, director of wireless infrastructure research at IDC.
"Every network operator has to be aware of this," he said. "If for no other reason than they have seen such clogging with the legitimate use of SMS messaging."
Still, the researchers have a few basic recommendations that could significantly mitigate the risk of this type of attack, McDaniel said. Mobile operators could, for example, separate the text messaging and phone call initiation features within the control channel. They could also make it harder for attackers to do online reconnaissance by reducing the amount of information they provide on the Internet, he said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
