LWN.net Logo

Advertisement

ThinLinc Terminal Server

Advanced thin client solution for Linux, based on Open Source. Mix Windows and Linux applications on the same desktop.

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Free the Cell Phone! (Wired)

Free the Cell Phone! (Wired)

Posted Oct 5, 2005 22:03 UTC (Wed) by Ross (subscriber, #4065)
In reply to: Free the Cell Phone! (Wired) by Ross
Parent article: Free the Cell Phone! (Wired)

An article on the NY Times linked from Slashdot seems to be on topic here:

http://www.nytimes.com/2005/10/05/technology/05phone.html

"Hackers could take down cellular networks by inundating their popular text-messaging services with the equivalent of spam, computer security researchers said."

"Because text messages are transmitted on the same signal that is used to set up voice calls, just 165 messages a second is enough to disrupt all cellphones in Manhattan."

That's anything but good design. Based on the discussion here I assume the solution is going to be: rate limit the number of messages phones are allowed to send. That's like trying to prevent network attacks by outlawing port scanners.

(Log in to post comments)

Free the Cell Phone! (Wired)

Posted Oct 7, 2005 7:08 UTC (Fri) by Cato (subscriber, #7643) [Link]

SMSs are sent using the signalling channel of the mobile network (basically SS7, called MAP in case of GSM I think). SS7 is in fact a packet based network that carries signalling requests and responses (ringing, busy, etc) somewhat like IP. So when someone spams the network with a large number of SMSs, that's like trying to place that number of calls per second. In the old days when phones were entirely driven by human fingers, neither case was possible so the network didn't need to protect against this. Now, the issue is simply rate-limiting the SMS/signalling traffic to something reasonable. This is similar to what IP networks have to do in their control plan (routing/signalling) - ensure that routing updates are kept to a reasonable rate across the boundary to an untrusted network.

The drive to have a 'trusted' phone platform would enable some good things, such as preventing people faking their phone number in SMSs (imagine getting fake text appearing to be from a family member about some emergency - would you stop to think it might be faked if it came from their number?). However, it would also lock people out from installing arbitrary software on their own phones, including open source.

Laws protecting the right to unlock phones and SIMs at reasonable cost, and to limit the use of TPM in phones (ideally to network-affecting infrastructure modules, e.g. only way to send SMS is via an authorised API module), are very important to consumers, hackers and the mobile industry generally. Without the innovation of new software on mobiles, many exciting developments would happen far more slowly - e.g. clever relevance filtering of incoming phone calls (based on your calendar [are you in a meeting], contacts [is it the boss or spouse], time of day [only family calls after midnight], ...), fixed-mobile convergence (roaming to WiFi at home), etc.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds