Security researchers at Pennsylvania State
University have warned that mobile phones could be at risk from
denial of service attacks spread through text
messaging.
In
areport, the
researchers suggest attackers could build up databases of mobile
numbers from specific regions and then flood those numbers with
unwanted text messages. Attackers could use publicly available
websites or messaging clients on “zombie” computers to send the
text messages, which would eventually jam up the systems that
carriers use to send and receive SMS messages from mobile
phones.
Because mobile phones use the same small portion of
radio frequency to both set up calls and send SMS messages, a flood
of SMS messages would so overwhelm a cellular tower that it would
effectively prevent any new phone calls from going
through.
It
would take apparently little more than a cable modem to deny
service to large metropolitan areas in the US. For example, a city
the size of Washington could be taken out by a denial of service
attack with a bandwidth of about 2.8mbps.
Nokia has just done a deal with Symantec to
incorporate Symantec’s Mobile Security antivirus program into its
Series 60 smartphones. The software is designed to thwart attacks
that could compromise the extensive data that people store on their
phones.
There is little doubt that mobile phones’ very
ubiquitousness makes them a tempting target for hackers. What is
needed is an exercise by the mobile providers to educate users on
the security precautions they should take.