A Silent SMS Denial of Service (DoS) Attack

Neil J Croft and Martin S Olivier

2007

[Citation information] [Abstract] [Keywords] [BibTeX entry] [Full text]
[Return to publications]

Citation information

NJ Croft and MS Olivier, "A silent SMS denial of service (DoS) attack," Proceedings of the Southern African Telecommunication Networks and Applications Conference 2007 (SATNAC 2007), Sugar Beach Resort, Mauritius, September 2007 (Published electronically)

Abstract

Global System for Mobile communications (GSM) is a popular mobile communications network. Short Message Service (SMS) is an easily adopted person-to-person communications technology for mobile devices. The GSM architecture allows for the insertion of mass application-generated SMS messages directly into the network infrastructure. This is achieved through a SMS Mobile Switching Centre (SMSC) using a variety of request-response protocols, for example Short Message Peer-To- Peer Protocol (SMPP).

Through protocol manipulation, an application may generate an SMS which neither displays on the mobile handset nor provides an acoustic signal. Known as a “Silent” SMS, this occurs where the mobile handset must acknowledge receipt of the short message but may discard its contents. A “Silent” SMS may help police services detect the existence of a mobile handset without the intended party knowing about the request. In contrast, a mass continuous send of “Silent” SMS messages will constitute an invisible Denial of Service (DoS) attack on a mobile handset. Such a mobile handset DoS attack may be conducted for economic advantage to elude another party from communicating.

This paper describes, from a technical perspective, how a silent application-generated denial of service (DoS) SMS attack is conducted. We then investigate possible ways of thwarting such an attack at a GSM network level. Furthermore we explore related SMS attacks on the GSM network.

Keywords

SMS, Denial of Service Attack, DoS, GSM

BibTeX entry

@INPROCEEDINGS(silentdos,
  AUTHOR={Neil J Croft and Martin S Olivier},
  TITLE={A Silent {SMS} Denial of Service {(DoS)} Attack},
  BOOKTITLE={Southern African Telecommunication Networks and Applications Conference 2007 (SATNAC 2007) Proceedings},
  ADDRESS={Sugar Beach Resort, Mauritius},
  MONTH={September},
  YEAR={2007},
  NOTE={(Published Electronically)} )

The full text may be downloaded from http://mo.co.za/open/silentdos.pdf (PDF, 154K).

[Publications] [Home]
Page maintained by Martin Olivier
Last update: 31 October 2007