Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Communications Security

Jamming Cellphones with Text Messages 276

Posted by ScuttleMonkey
from the only-one-man-would-dare-give-me-the-raspberry dept.
Steve writes "Some Penn State professors and students have published a way to jam cellular voice service with simple text messages. From the article: 'Because text messages are transmitted on the same signal that is used to set up voice calls, just 165 messages a second is enough to disrupt all cellphones in Manhattan.' Cellular providers, of course, fired back, one stating that it 'constantly and aggressively monitors potential threats to the integrity and security of its network.'"
This discussion has been archived. No new comments can be posted.

Jamming Cellphones with Text Messages

Comments Filter:
  • One problem. (Score:4, Interesting)

    by Musteval (817324) on Wednesday October 05, 2005 @04:46PM (#13725351)
    165 messages a second would cost you about ten thousand dollars a minute, at the prices the cell companies charge.
    • Re:One problem. (Score:3, Informative)

      by jerw134 (409531)
      $990/minute, assuming a charge of 10 cents per message.
      • Re:One problem. (Score:2, Informative)

        by maxrate (886773)
        You can send text messages for free via e-mail, recieving is usually free too.

        • Re:One problem. (Score:2, Informative)

          by kd5ujz (640580)
          true, and if other providers are like cingular, you can just write a script to go through a given range of telephone prefixes. with cingular, an email to 1231231234@my.cingular.com will result in a text message being sent to 123-123-1234's cell phone.
          • Re:One problem. (Score:2, Informative)

            by alc6379 (832389)
            true, and if other providers are like cingular, you can just write a script to go through a given range of telephone prefixes. with cingular, an email to 1231231234@my.cingular.com will result in a text message being sent to 123-123-1234's cell phone.

            While it is technically feasible that this could be done, implementing an anti-spam filter, or similar, on the mail address in question. While everything is still going through a server (and I'm sure similar solutions can/will exist for SMS), whether it's em

      • by MightyMartian (840721) on Wednesday October 05, 2005 @05:09PM (#13725541) Journal
        $990/minute, assuming a charge of 10 cents per message.

        Ch-rist! For that price, I could have a dozen women heavy breathing on my cellphone, telling me how much they love it when I do that to them!

    • Re:One problem. (Score:3, Insightful)

      by rm999 (775449)
      Don't they offer unlimited text messages for some sort of fee? Also, there are online services that allow you to send out text messages for free (i think you can do it by e-mail)
      • If you are sending the text message by email, eg: #########@carrier.com the carriers are the ones who will be sending out the message to the phone, I would think that they are smart enough to control the number of text messages sent by the service.
    • by EmbeddedJanitor (597831) on Wednesday October 05, 2005 @04:53PM (#13725419)
      AFAIK, text is typically low priority traffic, but that can depend on configuration, network type etc. Network control is highest, voice next, followed by data and text.

      The reason for this prioritisation is that delaying isochronous (eg. voice) data makes it unusable, but backing up text is OK. If you try jamming with text all you'll end up with is a load of backed up text.

      • What? (Score:5, Informative)

        by EvanED (569694) <evaned@ g m ail.com> on Wednesday October 05, 2005 @05:02PM (#13725486)
        Your comments directly contradict the NY Times article...

        The system works even when cellular calls do not because text messages are small packets of data that are easy to send, and because the companies transmit them on the high-priority channel whose main purpose is to set up cellphone calls.


        Do you have a source?
        • Re:What? (Score:4, Informative)

          by timmyf2371 (586051) on Wednesday October 05, 2005 @05:06PM (#13725520)
          I don't have a source, but from my experience with Orange (in the UK), I've found it to be the same as the OP.

          One day while I was sending text messages I was getting a surprisingly high percentage of failed sends, so I called their technical helpline, gave my postal code etc and was told the base station nearest to me was undergoing maintanence and thus would have a reduced capacity for around 24 hours, and because voice traffic had priority over SMS/data there may be intermittent issues.

          • Re:What? (Score:3, Informative)

            by glesga_kiss (596639)
            You believed what Orange Customer Support said? Let me guess...you don't check out many cellular formus do you? ;-) They fib about technical problems all the time.
          • My text messages regularly take hours to get a response, while I can simultaneously make a call just fine. I think this it probably is different depending on the network: hence the discrepancy.
        • My text messages get rejected when I send too many from my phone (I pay 10 bucks a month for unlimited IM adn text).
        • Re:What? (Score:2, Informative)

          by kesuki (321456)
          Your comments directly contradict the NY Times article...

          The system works even when cellular calls do not because text messages are small packets of data that are easy to send, and because the companies transmit them on the high-priority channel whose main purpose is to set up cellphone calls.


          Do you have a source?

          Bad reporting, Yes cell phones use SMTP to contact towers, and verify the accessability of circuits, and those SMTP packets are highly flaged, and YES text messages are SMTP packets (same as I
          • Re:What? (Score:3, Insightful)

            Yes cell phones use SMTP to contact towers, and verify the accessability of circuits, and those SMTP packets are highly flaged, and YES text messages are SMTP packets (same as ICQ and e-mail, AIM, MSN etc etc)

            Arrgh! SMS, no SMTP! ICQ uses udp or possibly a tcp connection, not SMTP. Are you really that clueless or just trolling?

      • sending smsm messages uses the control channel, which is required for setting up each voice call. ever noticed sometimes you can send/recv SMS messages but when you try to call you get no service
    • Re:One problem. (Score:2, Insightful)

      by Urza9814 (883915)
      Um, no...I have a plugin for firefox that lets me send free text messages...it works, I've used it...I think it's from google actually, not sure about that though.
    • Not with Verizon (Score:3, Informative)

      by everphilski (877346)
      .... with Verizon's *in* network, $5 a month flat rate to other Verizon members.

      Verizon kicks ass.

      -everphilski-
    • VERY TYPICAL OF GSM (Score:5, Interesting)

      by KayEyeDoubleDee (541235) on Wednesday October 05, 2005 @06:57PM (#13726225)
      Several years ago I was involved in solving a similiar problem in the GSM/MAP/SS7 backbone network of a major European cellular provider/broker. In that case, there was an problem because the SMS messaging is carried in the MAP "signalling" layer, which resulted in the waste of the vast majority of the bandwidth that was meant to be used to handle subscriber management, roaming, authentication, etc. The network (which provided roaming between 100+ sizable European, Asian, and North African carriers) was being saturated with internet-generated SMS text messaging. Essentially, we were only able to block the traffic, having little control over its generation and/or entry into the network.

      Clearly the people that designed the air interface made the same poor architectural decision.
  • Magic Link (Score:3, Informative)

    by JS_RIDDLER (570254) * on Wednesday October 05, 2005 @04:47PM (#13725359)
  • 165 times a second? Beauty.
  • So you don't have to give up your first born:

    NY Times Registration [bugmenot.com]
  • by mblaze (71452) * on Wednesday October 05, 2005 @04:48PM (#13725380) Homepage
    A more detailed description of the threat is at smsanalysis.org/ [smsanalysis.org]. The actual paper at smsanalysis.org/smsanalysis.pdf [smsanalysis.org].
  • I guess it's kinda like a cell phone getting slashdotted too!
  • by The_Rippa (181699) on Wednesday October 05, 2005 @04:51PM (#13725404)
    Don't you think that there are already more than 165 text messages being sent out every second in Manhattan?
    • Straw that broke the camels back .
    • With a population that size I'll bet you are right. I too call BS on this test. If they said 165 per second to every cell tower zone I might beleive that. If one cell is zapping out 1000's of messages you know they are going to throttle it or take it down. Problem is if you get a group of people doing the slamming THEN you might clog the system.
    • Possibly, but maybe not all on the same network.
    • And that is why I do not regret the purchase of ISBN : 0520219783

      This is exactly the kind of random bullshit that I'm going to hear someone quote as the god's truth as the easiest way to bring Manhattan's cell phone services to a hault.

    • by mirqry (861861) on Wednesday October 05, 2005 @05:44PM (#13725785)
      I don't think its even close. 165/sec lets say from 8am to 8pm is 7,128,000. Around 1.5 million people in Manhattan. So that would be saying every single man, woman, and child in the Manhattan send 4.75 text messages a day.
      • Mod parent up, he should approximately be right.

        Of course, one could elaborate more on this Fermi-like problem [wikipedia.org], but I don't that'd be neccessary :)
      • I don't feel like doing the probability math, but I would safely assume that the odds very good that there is at least one unique second in the day where 165+ messages are simultaneously. Even if you assume only half have a cell phone, and that of those with a cell phone they send an average of one message/day, the odds will be very good. If you look at it over a period of weeks or months, you can almost guarantee that it will happen.
        • well then you would only have 1 second that a call could not be connected. This is in the control channel, not the data channel. Calls that are already established will stay connected, but for *1* second, people would not be able to make a call. In order to DOS the network, this must be sustained.
      • Around 1.5 million people in Manhattan. So that would be saying every single man, woman, and child in the Manhattan send 4.75 text messages a day.

        Ummm. No. Manhattan has a population of 1.5 million. That means 1.5 million live there. The number of people who work in Manhattan every day is quite a bit higher -- 4.5 or 5 million I'd reckon, maybe more.

        I'm still highly skeptical of this but know that it is possible. I was in Slovakia in 2002 when they won the ice-hockey world championships. It's a small

  • by popo (107611) on Wednesday October 05, 2005 @04:52PM (#13725416) Homepage
    Most people don't know that you can send text messages for free through Google's text messaging service.

    http://toolbar.google.com/send/sms/index.php [google.com]

    Now all you need is a perl script and ... hello? ...hello?

    -------------

    judge a man by his wallet [jfold.com]
  • by SuperBanana (662181) on Wednesday October 05, 2005 @04:55PM (#13725437)
    Because text messages are transmitted on the same signal that is used to set up voice calls

    Ah. So that's why it costs an insane amount of money to send a text message (well, that and a text message may mean "no phone call to bill for".)

    Also- can anyone explain why data is still so damn expensive? I have a data capable phone w/bluetooth, I travel a fair bit...but I don't ever use the data service, because it's so incredibly expensive. 2-8MB runs you almost as much as the voice service does!

    Seems like they could make a lot of people happy if they made data more affordable. I guess we'll have to wait for one of the providers to start competing on that front, instead of buying each other up? :-)

    • Also- can anyone explain why data is still so damn expensive? I have a data capable phone w/bluetooth, I travel a fair bit...but I don't ever use the data service, because it's so incredibly expensive. 2-8MB runs you almost as much as the voice service does!

      Sounds like you're getting screwed. With Verizon, I can use 1xRTT data almost anywhere (~90 kbps average, 144 kbps max) and with my America's Choice plan, it's billed just like a voice call - meaning it's free between 9PM-6AM and on weekends. If you use
    • Because they're trying to claw back the money they spent on wireless licenses for 3G data services. They can't do that unless they make a fat margin on data, so it's very expensive. I'm also annoyed by this: transferring about 1.5mb of data has cost me recently about $22
    • a couple reasons... bandwith available is very limited. the entire licensed spectrum for cell phone coverage is less than the frequency a single analog TV broadcaster uses.

      so yeah data is expensive, and frankly the answer to that was going to be the FCC taking all 13 channels of VHF broadcast and converting them to various products including a large subset to be licensed for cellular broadcasts... but the states is nowhere near the numbers that would allow the FCC to license off those frequencies.

      if you ha
    • Also- can anyone explain why data is still so damn expensive?

      Sure. Carriers would prefer a small number of people to pay extremely high rates than a whole lot of people paying a reasonable rate. Otherwise they have to invest a lot more in their infrastructure to support the extra traffic. Competition is the only way to help the consumer in this area - the threat of completely losing a customer to a competitor is the only real motivation for a carrier to do anything. All the carriers have their data rate
    • around here there used to be a service that promised unlimited sms's per month for a low flat fee.

      they didn't take into account that people would use it for data logging etc.. so they just made it 1000 sms's per month or so after people did use it for data logging and such.
  • by Anonymous Coward on Wednesday October 05, 2005 @04:56PM (#13725444)
    Last year I had a friend that wrote an app that would text message a verse from the 12 days of Christmas every day, but something went horribly wrong and I was getting messaged a verse from that damn song every few milliseconds for a couple hours straight. Not fun.

    Hey Steve! (you ass)
  • In their research, the authors concluded that all major cellular networks were vulnerable, and that a single computer with a cable modem could do the job.

    ...

    One challenge for would-be attackers, according to the paper, is pulling together a list of working cellphones in a specific geographical area. But that, too, is made simpler via the Internet; the authors describe a process using Google and some search tricks that allowed them to collect 7,308 cellular numbers in New York City and 6,184 from Washington

  • Nice observation (Score:2, Insightful)

    by evil agent (918566)
    From the article, Professor McDaniel says

    "It seems to me unlikely that a small number of unsophisticated users would be able to mount this attack effectively."

    Who cares! Those aren't the people we're worried about. It would just take ONE sophisticated user to mount this attack.

  • I don't buy it. (Score:2, Informative)

    by Johnno74 (252399)
    There must be at least a million cellphones in Manhattan. I'd say its safe to say that each cellphone would send an average of one text message a day.

    So there are already somewhere in the rough ballpark of 1 million text messsages being sent a day. Possibly many more, probably no less.
    that equates to 41,000 per hour, or 72 per second, on average.

    Now of course the texts aren't spread evenly over those 24 hours. The majority of those messages will be sent during 12 hours of the day, which would mean during
    • perhapse the current system is not capable of handling double it's current load
    • Re:I don't buy it. (Score:2, Informative)

      by Anonymous Coward
      41,000 per hour is 12 per second, not 72. So there's plenty of capacity.
    • You forget that it is adding the said 165 messages a second to the network and not simply the traffic upper limit is 165 messages a second. Assume the upper limit is 165msgs/sec and by sending 165msgs/sec you are approaching the upper limit and most likely going over with the addition of normal traffic. This would create the slowdown mentioned. The goal of adding 165msgs/sec doesn't seem all that hard especially with the speed of modern computers. I think the article mentioned that one person with a cable m
  • by throx (42621) on Wednesday October 05, 2005 @05:28PM (#13725659) Homepage
    I don't buy it for one very big reason - the cells are functionally independant and Manhattan has a *lot* of cells. That means you could shut down a single cell with text messages if you targetted a single phone but a simple throttle on the number of messages to a single phone number would prevent that.

    Now if you could figure out how to send messages to a bunch of different phones all in the same cell then you may be able to take that one cell out of business for a while, but DoS all of Manhattan? I think not.
  • by Doc Ruby (173196) on Wednesday October 05, 2005 @05:32PM (#13725690) Homepage Journal
    Manhattan usually has 5+ million people in it all day long. 165 msgs:sec is only 10K msgs:minute. I'm surprised Manhattan doesn't already get that kind of traffic. Especially after a big event, like a World Series win, or a stock market crash. I'd say "terrorist attack", but the last one destroyed the 7 World Trade building, which took out Verizon a lot more definitively than a DoS attack. But that hardly seems necessary to generate texts from 0.5% of Manhattan within a minute.
  • Hey all you guys in Manhattan! Are your cell phones working? If so, then I'll up the number of SMS/second.
  • I know from connections to several european 'short message service centers' that they won't accept more then 10 or 100 messages a second even for wholesale connections (content providers, chat providers, tv games etc.). The overal capacity can never overflow the network since there is a limiter on the SMSC.
  • Cellular providers, of course, fired back, one stating that it 'constantly and aggressively monitors potential threats to the integrity and security of its network

    Yeah, we've upped it, now you have to send 172 texts per second!
  • Next up (Score:2, Funny)

    by freaktheclown (826263)
    Next up, the Motorola JAMR!
  • Everybody on the count of three! Start text messaging microsoft.com as fast as you can! From there we'll move on to Yahoo.com, and maybe even cnn.com for fun!
  • by first_tracks (919961) on Wednesday October 05, 2005 @05:59PM (#13725878)
    You can email a text message to someone's phone, and for some carriers it is an automatic $0.10 or more a message received and the reciever can't not recieve it. Here are all the SMS addys:

    Sprint: 10-digit-number@messaging.sprintpcs.com
    Verizon: 10-digit-nmber@vtext.com
    AT&T: 10-digit-number@mobile.att.net
    T Mobile: 10-digit-number@tmomail.net
    Nextel: 10-digit-number@messaging.nextel.com
    Cingular: 10-digit-number@mobile.mycingular.net
    Alltel: 10-digit-number@message.alltel.com

    i can see how they could put in safe-guards like monitoring multiple messages from an IP in a certain time frame. but, smart programmers can work around this fairly easily.
  • What is the point of the study or what not that these professors were doing? ... and why publish the results out loud?

    If it were true, and they release findings like that, wouldn't that be like just painting a big target sign on cellular infrastructure? ... someone set me straight if I am reading these things wrongly...
    • Ummmm yeah. If I told you that it takes 30,000 Pounds of Bananas to crush someone's $noun does that mean someone's $noun is now more vulnerable?

      Ok I know the analogy is not exactly the same (can't get Chapin outta my head) but the principle is still the same. Knowing the breaking point of something does not "paint a target" on it.

  • by killercoder (874746) on Wednesday October 05, 2005 @06:45PM (#13726163)
    Back in 2000 I was writing native Blackberry applications. At the time the RIM network was Artus, and you could send 100's of short Artus packets directly to the MIN of the device. BAM! The tower went down till you stopped. The smaller the message the higher the priority - the easier it was to bring down the tower.

    "We monitor our network for security issues - BULLSHIT", they monitor the billing systems and channels for abuse - sure - but not the QOS.
  • you could jam it with a signal jammer too.

    and a whole lot of other ways. but their method isn't good for anything if the priorities are set up correct for the cell.
  • by digital photo (635872) on Wednesday October 05, 2005 @06:53PM (#13726202) Homepage Journal

    Let's look at it this way:

    Sources of Bandwidth/Attacks

    • College Campuses(1.5mbps to 45mbps, depending on campus)
    • Cable and DSL Users(1.5mbps - 6.0mbps per connection)
    • Business Servers(1.5mbps - 1gbps, depending on business system)

    The original article assumes you wanted to take out more than one sector in the cellular coverage. If you wanted to be more specific and pinpoint only a handful of sectors, you would need less than the numbers the article specifies.

    Most text messaging service providers have email gateways. This is one of the reasons why I disabled my text messaging capability. No way to filter the message and at $0.10 / message, it is too abusable.

    A weak computer running a fast multi-threaded emailer(Postfix) can dump a fair amount of email at a email-to-sms gateway. It is amazing how many messages/sec you can achieve if you tweak your configuration. 3-4 well placed and configured systems could take out a sector or 2. Distribute that over 10-20 thousand zombies, and you have much greater capacity and better redundancy. The provier will either need to already have anti-DDOS equipment in place or shut down the gateway. Bounce those over open relays and it makes dynamic rerouting even more difficult.

    Scenario:

    There is a convention going on. Someone was going to launch an attack on the convention site. They don't need to wipe out access to the entire city. They only need to wipe out acccess to the cellualr cells/sectors covering the convention area itself.

    So, they gain access to a list of peoples' phone numbers, who will be attending and SMS-bombard those numbers.

    Guess what? Since all of those numbers are at the convention site and being serviced by a fixed number of cellular cells, you have now effectively targetted those cells and overloaded them.

    With the cell access busy, to the people trying to make calls or receive calls at the convention, an attack on the convention would only be reportable by landline and/or by bystanders outside of the convention center.

    Say the attack is a silent one: chemical, toxin, biological. The emergency response would be delayed enough that most of the target individuals would be dead before help could arrive. Most people these days depend heavily on their cell phones. The first thought isn't to try to make a call on a landline for many.

    Another abuse would be to use the system to financially deplete another organization's funds by ramping up their telco fees through excessive messaging via a zombie network. While most organizations might have flat fee subscriptions, some do not. Especially for their one-off need-it-now celphone plans.

    I've actually called my provider and asked them about filtering and blocking, but they have told me that it was either completely on or completely off. I chose completely off.

  • by mcdade (89483) on Wednesday October 05, 2005 @07:45PM (#13726469)
    I'm writing a paper on how you put enough cars thru a major traffic intersection and it will create a problem and cause downtime in that area. I'm going to to call it a 'traffic jam'.

    Tell us something we didn't know.. every technology has it's limit, flood it beyond capacity and you will see it fail.

    nice.

    -b
  • by AB3A (192265) on Wednesday October 05, 2005 @07:46PM (#13726474) Homepage Journal
    For those of you who have never looked at a real phone network, allow me some bandwidth:

    Nobody has ever allowed for a one to one switching network like you may have seen with a switched hub. It's too expensive. They use trunk lines instead. The number of trunk lines depends on the statistics of the local area calling. There are benchmarks to use for various types of service. These systems are designed for four and five nines of up time. But it's not overload proof. You have all gotten fast busy signals before. That's because there were no trunks available.

    What these folks have figured out is how much bandwidth a typical cell site can have. They have figured out how many text messages it would take to fill up that available bandwidth. Big Deal. Cell sites do saturate. This is not a design "flaw" --it's a design point. Just as almost nobody builds buildings to withstand 200 MPH winds, almost nobody builds that much bandwidth in to a cell site. You could, but it would almost never get used.

    Instead we build them to handle almost all conditions. Yes, they can saturate. That's a political design issue. Someone who knows the design points can certainly overload one. But during normal use, they will work just fine. Since there are no lasting effects from such overload, most engineers figure that people will just clear out before things get too dicey.

    Naturally, some twits who want to jam cell phone conversations will find plenty of ways to do this. The network is built for civil use --not military use. That's why police and fire authorities use seperate communications networks (or if they don't they're just asking for trouble). That's why ham radio operators are often able to render assistance when everyone else is busy trying to call home. Common Carrier networks will overload at some point, just as roads can saturate and slow to a crawl. We'll never have enough bandwidth or enough roads. But we can ensure that there will be enough to get by.

    The Times could do for a brief lesson in engineering design criteria...

"It's ten o'clock... Do you know where your AI programs are?" -- Peter Oakley

Working...