Many mainstream mobiles can be crashed after opening a maliciously constructed SMS message. The so-called 'SMS of death' attacks affects mobiles from Samsung, Sony Ericsson, Motorola and LG, among others. Details of the attack, a variant of earlier attacks along the same lines, were outlined by security researchers Collin …
Sent from your Jesus Phone?
Interesting article John..but it looks like your predictive texting is shagged or you have fat fingers (too much beer & xmas pud?) judging by the general unproof-readness.
Read txt b4 send init!
Crash a Smartphone
I've got an iPhone 3GS.
I don't need to receive a malicious crafted SMS message to make it crash. Just use it to make a phonecall and it'll crash within 3 minutes.
I think it might be a feature to stop people running up huge call bills.
If your phone is crashing, even at a percentage of that rate, and you have not notified apple to replace it, you've got issues....
Between a 2G, a 3GS and a 4, and more than 3 years of service for me and the wife, we've only dropped 11 calls, combined. I've not rebooted my iPhone on purpose since the early days of OS 2.x. I don't even reboot to install apps unless the app explicitly recommends I do so (and I usually avoid those apps, apple gave devs proper ways to avoid that, which means bad devs....). Typically, unless i forget to plug it in for more than 2 days in a row and completely kill the battery, it never reboots.
Last blackberry I had used to crash about 1-2 times a week, I had it replaced 3 times before they simply gave me a different (higher end) model. I retuned 2 different Palm phones for much the same reason. I do not tollerate flaky hardware or software. iOS and the iPhone platform are rock solid stable, you;re an ass. no one disputes iPhone stability (only features of the phone and the AT&T network).
@ Michael C
"you;re an ass. no one disputes iPhone stability "
I think you need to take a trip over to the Apple forums. Search for "iphone crashes during call". Some of the forums run to 110 PAGES of complaints. There is a KNOWN PROBLEM with some models of iPhone and iOS, and the only fix is a replacement. (If you read the posts, Apple stores routinely replace phones without question if the user reports the phone crashing, so while Apple aren't publicly admitting a fault, they do know it exists).
If my phone was still under warranty, I'd have got Apple to replace it. Sadly they expect me to pay for new hardware due to a fault raised by their faulty software. Everything worked under iOS3, but you can't downgrade.
Now go back to fondling your Jesus slab and don't call me an ass again.
"There is a KNOWN PROBLEM with some models of iPhone and iOS, and the only fix is a replacement."
It's called a hardware fault. I take it you think hardware faults should be fixable in software?
Given how phones and other fragile devices get thrown around during shipping I'm not surprised there's a few lemons in the field.
It's always easy to blame Apple, but they don't produce the thing. The components are off the shelf parts (mostly) and manufacturing is outsourced to Foxxconn.
"It's always easy to blame Apple, but they don't produce the thing. The components are off the shelf parts (mostly) and manufacturing is outsourced to Foxxconn."
Really? I can't blame the brand on the product because the OEM isn't the brand's company? Who exactly outsourced it to Foxxconn if not Apple? Surely Apple could build things in the United States (or China) in Apple-owned factories if Apple so desired. People don't buy Foxxconn iPhone 4, they buy Apple iPhone 4.
This reminds me..
...of some of the crap that The Coca Cola Company's various bottlers have gotten up to. When the bottlers do something that could generate good press, head office goes all "LOOK WHAT WE DID THIS YEAR!"
When the bottlers hire thugs to shoot union reps, or a plant that requires huge amounts of water to operate opens up in an Indian drought zone and screws the local population over for irrigation and drinking water, it's "not our responsibility, we're a franchise, we only make the syrup."
Sorry guys, but it says "Coca Cola" in big letters on the bottle. You want to avoid responsibility? Try letting your bottlers call it "Super Columbian Cola Plus, now with extra protection money!" Have a little "uses genuine cola cola syrup" on one of the borders. But hey, you wouldn't do that, would you?
"A lot of effort in security circles over recent months has gone into discovering flaws in Android, iPhone and other smartphones by 84 per cent of phone in use are less advanced feature phones."
That made perfect sense! Was this translated online using a dodgy translator from a foreign language?
A title is required
Is it just me that thinks "a dodgy translator" sounds like someone you could have a lot of fun with?
my nipples explode with delight!
my hovercraft however...
but what we all want to know....
is the judas phone at risk to these attacks too....
the article near enough says every other mobile phone is at risk, but no mention of the judas phone?
not the iphone...
between AT&T filtering for such messages in the US, and the iPhone OS method for handling SMS, its immune. It wasn't always (they fixed it back in 2.x-something.
.... will be in a different article
The article isn't about any smartphone be it Apple, Android or WinMo, it's about conventional mobiles which WAY more people have.
If the phone is more then a month old
"Both researchers called for suppliers to increase the frequency of security updates as well as making updates easier to apply. "
The telcos will not bother to hack up a custom version of the new software since they have already moved to a different phone and everyone is stuck with V1.0.
I wish more phone companies were like Apple and didn't let the phone companies hack up the software.
Nothing new here
"Many mainstream mobiles can be crashed after opening a maliciously constructed SMS message."
Well, I managed to crash my Sony-Ericsson cheapo phone by sending it a slightly-wrongly (not maliciously) constructed SMS. Only moving the SIM card to another phone, then clearing out the message brought relief.
Companies should really stop using stressed-out underpaid monkeys to write protocol code.
RE: Nothing new here
From the article: "....bugs in supported Java apps....." I sense the problem is more to do with the language used.
And I laughed like a drain at Micheal C's "troll much" response - looks very much a case of pot meet kettle! ".....more than 3 years of service for me and the wife, we've only dropped 11 calls...." EXACTLY eleven? Not "about a dozen"? What, you counted them, recorded them in your diaries (more likely in equally vacuous blogs, no doubt)? Yeah, right! I sense the fanboism is strong with this one. And then we see the knee-jerk attack on a non-Jobsian vendor: ".....Last blackberry I had used to crash about 1-2 times a week...." I can't remember the last time my BB crashed, but that might be because I have one connected to a BES. The advantage of a BES is that the admins can restrict what happens on the individual devices, which stops lusers that don't know better (that would be you, Mr C) doing half the stupid things they try to do.
The carrier should be data validating text messages entering their network in the first place, not simply passing on garbage unfiltered content to mobiles.
"malformed" really does mean malformed in this case, including characters often not even possible to type on cell phones even with virtual keyboards. Folks, if it ain't basic alphas, nums, and simply symbols, bounce it back to the sender....
And yet, the response from many telcos or even phone manufacturers as to "when will I get updated firmware" is "when you buy a new phone."
Maybe when something happens that crashes the entire bloody network, they'll get a clue? That or a suitably large class action, but who's going to bother bringing one of them over a stuck phone? How many will even know what the problem is, instead saying "oh it's broken, time to buy a new one"?
That's exactly the way Joe Public deals with PCs/Printers/TVs/DVD players/Yadda Yadda...
The manufacturers know this and play to it.
Suicide by SMS
Working in the other direction, I can crash my otherwise-trusty old Nokia 6230i by typing "..." in an outgoing text while in predictive mode. Unfortunately it's so old it doesn't support firmware updates so I suppose I'm stuck with it... oops...
All Nokia phones can be updated, though the older phones were upgradeable only in a Nokia service shop, with a flashing kit. If you can have it done for free or cheaply go for it, otherwise you can probably buy a new phone for the same price.
Check your fw version by dialing *#0000#
Latest firmware is 3.89. Here's the change log if interested:
I like the way this article has a banner down the side linking to ElReg's roundup of cheapo mobile phones.
I'd like to see the review reopened with a test for vulnerability to "SMS of Death" :-)
Anyway, what are the chances of getting a firmware update on a sub £100 cheapo phone?
Hell, my Nokia E50 had a fatal bug from practically day zero that Nokia never fixed and that was a flagship business phone.
I can see SMS of Death becoming a top playground jolly jape fairly soon...
Android text appears to be broken anyway...
I happened to read this thread in Google code this morning, about a long-standing issue with sms going to the wrong recipient if anything interrupts you while you're composing it...
I wonder how many divorces/sackings/decapitations that's caused?
My phone does just that, it does not crash it just keeps working, its a cheap old phone only.
New gimmick items WILL give problems as they are still experimental to a point. Just accept that the rich and stupid are being used as test beds, why should the company pay for its experiments when there are so many willing suckers.
Nokia need to get their updates sorted
Nokia phone updates have to come down via the PC.
For Linux customers, we're stuffed.
You hear me Nokia? Get your back side in to gear, or my next phone will be Android.
Going to have to learn how to do this
It could be far more fun than sending faxes to the mobile numbers of 419 scammers.
AC, because it's probably illegal.