Stealth Attack Drains Cell Phone Batteries

Aug 24, 2006

Cell phones that can send or receive multimedia files could be targeted by an attack that stealthily drains their batteries, leaving cellular communications networks useless, according to computer security researchers at UC Davis.

"Battery power is the bottleneck for a cell phone," said Hao Chen, assistant professor of computer science at UC Davis. "It can't do anything with a dead battery." Cell phones are designed to conserve battery life by spending most of their time in standby mode.

Chen, and graduate students Denys Ma and Radmilo Racic, found that the MMS protocol, which allows cell phones to send and receive pictures, video and audio files, can be used to send packets of junk data to a cell phone. Every time the phone receives one of these packets, it "wakes up" from standby mode, but quickly discards the junk packet without ringing or alerting the user. Deprived of sleep by repeated pulses of junk data, the phone's batteries run down up to 20 times faster than in regular use.

The attacker needs to know the number and Internet address of the victim's cell phone, but those are easy to obtain, Chen said. The computer used to launch the attack could be anywhere on the Internet.

Chen and his students have tested the concept in the laboratory. They have also found other vulnerabilities in the MMS protocol -- one, for example, would allow users to circumvent billing for multimedia services and send files for free.

As cell phone providers offer more services, such as e-mail, Web surfing and file sharing, they become vulnerable to the same attacks as computers, as well as to new types of attack that exploit their specific vulnerabilities.

"It's important to evaluate security now, while cell phones are being connected to the broadband Internet," Chen said.

The work was presented at the 15th USENIX security symposium, July 31-Aug. 4 in Vancouver, Canada, and will be presented at IEEE Securecomm '06 in Baltimore, Md., Aug. 28-Sept. 1. The researchers notified service providers about the potential vulnerability before publishing their findings.

Source: UC Davis

Explore further: HBO Now will be available through Android too this summer

Related Stories

For US allies, paradigm shift in intelligence collection

May 20, 2015

Fearful of an expanding extremist threat, countries that for years have relied heavily on U.S. intelligence are quickly building up their own capabilities with new technology, new laws and—in at least one ...

Secure payment on Internet?

Mar 31, 2015

Now that it has become a common feature on the news to hear about cyber attacks on an international scale, cybersecurity is seen as a first priority by Internet users. There can be no doubt that the web has become a battleground ...

UK rolls out eLoran as GPS backup for safe navigation

Nov 04, 2014

The UK is on top of being GPS-fail proactive with its rollout of eLoran stations along the UK coastline. eLoran is now available at Dover and along the East coast of the UK. The rollout is for the purpose ...

CloudFlare tackles lost SSL key risk with Keyless SSL

Sep 19, 2014

Organizations looking for and concerned about optimal security protection are the targets of a new service announced by San Francisco-based CloudFlare. The offering is called Keyless SSL. CloudFlare explained ...

BART ready for renewed protests after cyber attack

Aug 15, 2011

(AP) -- San Francisco's mass transit system prepared for renewed protests Monday, a day after hackers angry over blocked cell phone service at some transit stations broke into a website and posted company ...

Recommended for you

Germany auctions off new mobile phone frequencies

May 27, 2015

Germany on Wednesday started an auction of frequencies for mobile phone operators, pledging that users will soon enjoy nationwide super-fast 4G coverage without "black holes" in rural areas.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.