Bricking your cell phone: Mayhem on a Massive Scaleby Charles Jeter Contributing, blog.eset.com
May 24th 2010 4:52 AM
So how hard is it to kill a cell phone?
GSMWorld gave me great statistics on phone usage: as of June 2009 there were 4.3 Billion cellular users. Imagine the number of phones matching the number of PCs under botnet control – 15% this year. That would equal 600 million cell phones. Now imagine 600,000,000 zombied handsets flooding emergency phone numbers as well as performing IP-based DDoS attacks.
According to Aryeh Goretsky,a twenty year malware industry veteran and one of ESET’s Distinguished Researchers I recently polled as he was walking past my desk, there are about 300 dedicated applications of cellular malware currently available. In Moore’s Law computer age terms this would put the cellular malware penetration at roughly around the PC malware equivalent of 1992.
No wonder FBI agents and the folks at the Regional Fusion Center are kept up nights.
Some differences stand out.
- In 1992 we were using the equivalent of a 286 PC, or in my case, the Commodore Amiga.
- To frame market share penetration, the Apple 2c was still in use at the high school my mom taught at. Now PCs are almost ubiquitous in schools.
- Storage capacity was limited to a few Megabytes of data (40 MB external hard drive) and CD-ROMs were known as WORM drives (Write-Only, Read-Many) which could store a whopping 600MB of data.
Compare that with the capacity of the Smartphones in use today.
- Blackberries with removable storage can hold 8 Giga-bytes of data. 1GB = 1000 MB.
- Processor speeds on Smartphones rival those of PCs five years earlier.
- And web-enabled TCP/IP traffic means a conduit for applications to virtually anywhere.
Faster CPUs and higher storage mean Smartphones are approaching the attack surface horizon. With the critical exception of a phone having always-on connectivity. Any time, any place. And with Wi-Fi connectivity built into most smartphones, there is a potential infection vector for the enterprise or while just passing by. So how big is this threat?
What would happen if every single one of the four BILLION cell phones on this planet just went dark?
Or most likely, what would happen if every single cell phone went dark in one country? One scenario is a combined DoS attack on the internet was combined with a DoS attack on the cellular phone infrastructure at the same time.Mobile Threats – 2009 Securing The Perimeter SOeC event at SDSU
Those are open ended questions. They relate with security as a whole and definitely relate to the impact of cyberwarfare.
As a longtime SoCal resident I tend to remember the Rodney King Riots in LA in 1992 as a comparison point of reference for what can go wrong when civility suddenly takes a sharp left turn off the road.
How about a combined cell / internet threat?
From smsanalysis.org comes this excerpt of their report:
“Cellular networks are a critical part of the economic and social infrastructures in which we live. These systems have traditionally experienced below 300 seconds of communication outages per year (i.e., “five nines” availability).
However, the proliferation of external services on these networks introduces significant potential for misuse. We have shown that an adversary injecting text messages from the Internet can cause almost twice the yearly expected network down-time in a metropolitan area using hit-lists containing as few as 2500 targets.
With additional resources, cyberwarfare attacks capable of denying voice and SMS service to an entire continent are also feasible.
By attacking the less protected edge components of the network, we elicit the same effects as would be seen from a successful assault on the well protected network core.”
I would mention that their paper has all the details.
Analysis: Cyberwarfare will probably include DDoS on Cellular
If you can interrupt communications on several layers, you can disrupt any operations plan. This is pretty much a Sun Tsu principle applied to cyberwarfare.
Smart phones, Dumb phones – all are vulnerable
Let’s call phones with direct web browsers Smartphones and phones that are tier two basic call and messaging service available Dumb phones. Dumb phones used to be programmed to be remotely knocked out with SMS messages that kill the chip running the handset, known now as a ‘kill pill’. In fact, quite a few companies make an SMS Kill Pill which can, among other things, frag all of your data with an encryption remotely.
Cellular Control Systems – SCADA and SMS
In effect the infrastructure may not be connected to the Internet, but as this article discusses, the cellular data structure security is also questionable.
Bricking the ERTs
Emergency Response Teams, or ERTs, depend upon technology to communicate just like the rest of us. With manufacturers like Lenovo, Panasonic Toughbook, and other ruggedized vendors vying for this DHS-grant funded public safety component, there’s no shortage of embedded cellular technology. Much of it uses the GSM standard, utilizing SMS messaging. With both an IP range to protect and specific blocks of cellular numbers (example as 555-2001 through 555-2500) issued as the de facto by carriers, cellular technology is more of a status quo.
There are more questions than answers here – in effect if cellular service loss was an effect of cyberwarfare, you can count on it impacting morale in a very big way. Comments?
Charles Jeter, Securing Our eCity Contributing Writer
Shared from Read It Later