Saturday, November 12, 2011

DoS (denial of service) attack on Mobile phones (Initial Beta Draft)

  

We live in a world shaped by information security, and as security professionals we have seen many kinds of DoS and DDoS attacks happening around the world. But what if someone performs a DoS on your daily communication companion, your mobile device, and you are simply unable to call or operate your phone properly, or even listen to music or watch videos?

Some years back, around 2003, a DoS was possible on a Nokia phone. Now there is a new way (at least I think so) of performing a DoS attack on a Samsung mobile phone, because of the auto call reject functionality of Samsung phones.

Auto call reject functionality: this function of Samsung phones is used to block any number from calling you. When a person adds a number like xxxxxxxxxx to the reject list and xxxxxxxxxx calls that person, the call is automatically disconnected, and the number xxxxxxxxxx cannot connect a call with you.

Example: if Bob has a Samsung mobile phone and adds Mak's mobile number to his auto reject list, then when Mak calls Bob the call gets disconnected on the first ring and Bob just gets a missed call alert for Mak's call.

It is a nice function of Samsung mobile phones for blocking unwanted callers, but as the example shows, the reject function rejects the call and still shows a missed call alert for the blocked number. This is the main flaw (bug) that allows the DoS to happen on Samsung mobile phones.

Let's take the above example again. Mak's mobile number is in the reject list of Bob's Samsung phone, so when Mak calls Bob his call ends immediately, with a missed call alert on Bob's phone. But what if Mak calls Bob every few seconds? Then it performs a DoS on Bob's Samsung mobile phone. If Mak calls Bob again and again within seconds using his phone's auto redial function, Bob is unable to receive anyone else's calls, because the phone shows busy to any other caller calling Bob. Bob cannot even make calls, listen to music, watch videos or capture photos, because the phone continuously shows missed call alerts for Mak's calls.

It happens because the missed call alert takes a long time to leave the phone's screen. Samsung could avoid this by adding a function like the one on some Chinese phones, which do not show any alert on the mobile screen and only show entries for blocked calls.
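
The handset-side behaviour described above can be modelled to compare the alert-based handling with the log-only handling suggested as a fix. This is an added example, not code from the original post or from any Samsung firmware; the class and function names are hypothetical, and the alert duration, call intervals and 60-second window are assumed values.

```python
# Added illustration: models only the handset's handling of reject-listed calls.
# All timings are assumed values, not measurements from any Samsung phone.
from dataclasses import dataclass, field


@dataclass
class RejectListHandler:
    alert_seconds: float           # assumed time one missed call alert holds the screen
    silent_log: bool = False       # True = log the blocked call, show no alert
    blocked_log: list = field(default_factory=list)
    busy: list = field(default_factory=list)   # merged [start, end] alert intervals

    def on_blocked_call(self, t, number):
        self.blocked_log.append((t, number))   # the entry is kept in both modes
        if self.silent_log:
            return
        end = t + self.alert_seconds
        if self.busy and t <= self.busy[-1][1]:
            # Next call lands while an alert is still showing: the screen stays occupied.
            self.busy[-1][1] = max(self.busy[-1][1], end)
        else:
            self.busy.append([t, end])

    def ui_busy_fraction(self, window):
        occupied = sum(min(e, window) - s for s, e in self.busy if s < window)
        return occupied / window


def simulate(call_interval, alert_seconds, window, silent_log=False):
    """Return (fraction of window the screen is held by alerts, blocked calls logged)."""
    handler = RejectListHandler(alert_seconds, silent_log)
    t = 0.0
    while t < window:
        handler.on_blocked_call(t, "xxxxxxxxxx")   # placeholder number, as in the post
        t += call_interval
    return handler.ui_busy_fraction(window), len(handler.blocked_log)


if __name__ == "__main__":
    print(simulate(5, 8, 60))                   # alert outlasts the gap between calls
    print(simulate(30, 8, 60))                  # occasional blocked calls
    print(simulate(5, 8, 60, silent_log=True))  # log-only handling
```

With log-only handling the blocked calls are still recorded for the user to review, but none of them takes over the screen.
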
Anyone can give missed calls to that mobile number for some time, so that the user of that Samsung mobile phone adds the number to the auto reject list. Then you can register on mobivox or a similar service and write an AutoIt3 script or similar to give missed calls to that person, which is a DoS on his Samsung mobile.
The script for this purpose is under construction.

Author :
Ashish Mistry
Founder of Hcon
Information Security Researcher, Penetration Tester, Malware Researcher, Trainer

Source - http://www.hcon.in/4/post/2011/11/dos-mobile1.html
