The phones in many people’s pockets today are miniature personal computers, and they are just as vulnerable as PCs to viruses, malware, and other security problems. But research presented at a conference in Germany last week shows that phones don’t even have to be smart to be vulnerable to hackers.
Using only Short Message Service (SMS) communications—messages that can be sent between mobile phones—a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. As well as text messages, the SMS protocol can be used to transmit small programs, called “binaries,” that run on a phone. Network operators use these files to, for example, change the settings on a device remotely. The researchers used the same approach to attack phones. They performed their tricks on handsets made by Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax, a popular Indian cell-phone manufacturer.
A number of largely theoretical attacks aimed at iPhones and Android devices have made headlines over the past few years. But smart phones make up only 16 percent of the devices in use. So-called feature phones—which can do more than make calls but run only software with limited functionality, enabling their users to do such things as send text messages and play games—account for the majority of around 5 billion mobile phones in use worldwide.
Feature phones are harder to attack than smart phones because of their limitations. Their processors are less powerful, and they have less memory capacity, so they must run simpler software, which often cannot be loaded unless the carrier gives permission. Feature phones also have more varied hardware and software idiosyncrasies than smart phones do.
The security researchers who presented their work at last week’s conference, Collin Mulliner, a PhD student in the Security in Telecommunications department at the Technische Universitaet Berlin, and Nico Golde, an undergraduate student at the same institution, decided to attack feature phones over the air. They set up a miniature cellular network, using open-source software to create a base station with which to communicate with the phones. In order to broadcast malicious messages to them without putting other devices at risk, they shielded their communications by enclosing their network in a Faraday cage, which blocks radio signals.
Having a private cell network also helped Mulliner and Golde study the software running on low-end phones. By monitoring the way the phones communicated with their base station, they could discern important information about how the phones worked and how SMS messages could affect them.
The researchers were able to create malicious SMS messages for each type of phone they studied. The messages affect the phones without any response from the user. Because feature phones are so common, Mulliner says, such an attack “could take out a large percentage of mobile communications.”