Is It Still A Security Threat If It Was Fixed Ages Ago?
from the uh,-yeah,-prepared-for-that-already dept
We can't seem to go a week without having some security researchers getting headlines for a completely obvious security risk that probably isn't much of a risk at all. Last week it was that (gasp! no!) spammers might attach embarrassing music files to their spam, and this week it's that someone could launch a text message-based denial of service attack against a cellular network. It's not hard to figure out how it would work. Basically, someone (probably using an internet gateway) would spam a ton of SMS numbers, and that would, in theory, slow down the network. Apparently, this "threat" is so important that it's getting its own research paper and a writeup in the NY Times. Of course, it's an amazingly obvious threat -- so obvious, in fact, that most operators have already thought about it and put in place preventative measures. In other words, it's not much of a threat at all.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
SMS spam
There is also quite a bit of SMS spam floating around, though some operators have filters in place many do not and the international nature of SMS delivery means that any open network can be used to send. There are major SMS marketing operations in Jersey Telecom, Swisscom, and MTN South Africa that I know of that generate the majority of SMS spam.
Lastly there are some instances of malformed SMS messages that can cause particular failures on some phones, there was one that would corrupt a particular model of a Nokia phone such that the phone software needed to be reloaded into the phone to fix, but most of the problems can be fixed by power cycling the phone.
The paper talks about a “theoretical” attack and looks at the limitations that GSM has on the air interface for delivery of these messages. This completely ignores the role of the SMSC (short message centre) in the delivery of messages. The only way to send a SMS is to use a SMSC somewhere in the world, and that would require access to the target network over SS7 signaling interface, these interfaces are normally carried over dedicated circuits normally 2 or 3 by 64k (56k in the USA) this is plenty for the normal inter-carrier SMS and other signaling but would choke a denial of service attack. The only other way would be to use the target operators own SMSC and these usually have rate limitations on incoming message delivery connections, especially if these are coming from the internet.
[ link to this | view in chronology ]