Mobile security concerns often center around high-power smartphones, but at the Chaos Computer Club Congress some German researchers demonstrated even feature phones are vulnerable. By setting up a small GSM test network in the lab, researchers were able to test various SMS messages with different malicious payloads. The results were startling.
The German researchers were able to find vulnerabilities in many feature phones from Nokia, Sony Ericsson, and LG. The so-called “SMS of death” had different effects on each handset. Some were just disconnected from the GSM network, others were forced to reboot, but some (including models from Sony Ericsson and Nokia) were rebooted without registering the message as received. That means the network will continue sending the message, making the phone useless. The only way to fix this issue is to put the phone’s SIM card in a non-susceptible phone.
The researchers stressed that the same vulnerability probably exists in many phones, but they only tested a handful of popular models. If these exploits make it into the wild, unscrupulous individuals could send these messages en masse, forcing a mobile provider to pay up to stop the attack. Now that the details are known to manufacturers, future phones can avoid this problem, but existing feature phones rarely get firmware updates. Fixing current handsets might be a no-go.