Exploiting Open Functionality in SMS-Capable Cellular Networks

“Cellular networks can be broken into two chief components – the radio, or “air interface” and the wired backbone. We are chiefly interested in how traffic injected from the Internet can be used to congest the air interface as it is the more constrained of the two.

We divide the air interface into two general components – Control Channels and Traffic Channels. It helps to think of control channels as a very small portion of radio frequency that allow cellular towers to send information pertaining to call setup, SMS delivery and network conditions (such as the availability of traffic channels) to mobile phones. Traffic channels are instead used to carry actual voice conversations after they have been established via the control channels.

Because text messages and mobile-phone call setups rely on the same limited resource, namely control channels, it is possible to attack this system. If enough text messages are sent so that no more control channels are available, calls will begin blocking (i.e. will not be connected).

We demonstrate the ability to deny voice service to large metropolitan areas with little more than a cable modem.”
Source: smsanalysis.org


July 7, 2007.
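
The shared-resource argument in the quoted text can be made concrete with a standard Erlang-B loss model. This is an added example, not code from the quoted source: it estimates how call-setup blocking rises as SMS deliveries occupy the same control-channel pool, and the delivery rate an SMS gateway could cap at to stay under a blocking target. The channel count, hold times and rates are constructed assumptions, not measurements of any network.

```python
# Added example, not from the quoted source. All parameter values are constructed.

def erlang_b(offered_erlangs, channels):
    """Erlang-B blocking probability, computed with the standard stable recursion."""
    b = 1.0
    for n in range(1, channels + 1):
        b = offered_erlangs * b / (n + offered_erlangs * b)
    return b

def setup_blocking(sms_rate, call_rate, channels, call_hold_s, sms_hold_s):
    """Fraction of call setups blocked when SMS deliveries share the same pool.

    Erlang-B depends only on total offered load, so the two traffic classes add.
    """
    load = call_rate * call_hold_s + sms_rate * sms_hold_s
    return erlang_b(load, channels)

def max_sms_rate(target, call_rate, channels, call_hold_s, sms_hold_s):
    """Highest SMS delivery rate (msgs/s per sector) keeping blocking <= target."""
    args = (call_rate, channels, call_hold_s, sms_hold_s)
    if setup_blocking(0.0, *args) > target:
        return 0.0  # voice signalling alone already exceeds the target
    lo, hi = 0.0, 1.0
    while setup_blocking(hi, *args) <= target:
        hi *= 2.0
    for _ in range(60):  # bisection on a monotonically increasing function
        mid = (lo + hi) / 2.0
        if setup_blocking(mid, *args) <= target:
            lo = mid
        else:
            hi = mid
    return lo

# Constructed sector: 8 control channels, one call setup every 20 s,
# 1.5 s channel hold per setup, 4 s per SMS delivery (assumed values).
SECTOR = dict(call_rate=0.05, channels=8, call_hold_s=1.5, sms_hold_s=4.0)

if __name__ == "__main__":
    for rate in (0.0, 0.5, 1.0, 2.0):
        print(f"SMS {rate:.1f}/s -> setup blocking {setup_blocking(rate, **SECTOR):.3f}")
    print(f"gateway limit for 1% blocking: {max_sms_rate(0.01, **SECTOR):.2f} msgs/s")
```
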

