Is It Still A Security Threat If It Was Fixed Ages Ago?

from the uh,-yeah,-prepared-for-that-already dept

We can’t seem to go a week without some security researchers getting headlines for a completely obvious security risk that probably isn’t much of a risk at all. Last week it was that (gasp! no!) spammers might attach embarrassing music files to their spam, and this week it’s that someone could launch a text message-based denial of service attack against a cellular network. It’s not hard to figure out how it would work. Basically, someone (probably using an internet gateway) would spam a ton of SMS numbers, and that would, in theory, slow down the network. Apparently, this “threat” is so important that it’s getting its own research paper and a writeup in the NY Times. Of course, it’s an amazingly obvious threat, so obvious, in fact, that most operators have already thought about it and put in place preventative measures. In other words, it’s not much of a threat at all.


Comments on “Is It Still A Security Threat If It Was Fixed Ages Ago?”

1 Comment
Stuart Ward says:

SMS spam

This is not a new issue, and I agree that it doesn’t warrant the scare type of write-up. We have seen several attacks on individual users where someone sends several hundred SMS messages to one number, known as SMS Bombing. There was also a virus that had as the payload code to send SMS messages on one of the Portuguese networks, but that was about 5 years ago.
There is also quite a bit of SMS spam floating around. Though some operators have filters in place, many do not, and the international nature of SMS delivery means that any open network can be used to send. There are major SMS marketing operations in Jersey Telecom, Swisscom, and MTN South Africa that I know of that generate the majority of SMS spam.
Lastly, there are some instances of malformed SMS messages that can cause particular failures on some phones. There was one that would corrupt a particular model of a Nokia phone such that the phone software needed to be reloaded into the phone to fix, but most of the problems can be fixed by power cycling the phone.
The paper talks about a “theoretical” attack and looks at the limitations that GSM has on the air interface for delivery of these messages. This completely ignores the role of the SMSC (short message centre) in the delivery of messages. The only way to send an SMS is to use an SMSC somewhere in the world, and that would require access to the target network over an SS7 signaling interface. These interfaces are normally carried over dedicated circuits, normally 2 or 3 by 64k (56k in the USA); this is plenty for the normal inter-carrier SMS and other signaling but would choke a denial of service attack. The only other way would be to use the target operator’s own SMSC, and these usually have rate limitations on incoming message delivery connections, especially if these are coming from the internet.
