Mobile phone users could be hit by a denial-of-service attack.
Called the ‘SMS Curse of Silence’, it can crash the SMS function of the phone, meaning users cannot receive new text messages.
According to researcher Tobias Engel, who was speaking at the Chaos Communication Congress in Berlin, the attack uses specially formatted SMS messages to wage a denial-of-service attack on the victim's phone. It targets a vulnerability in versions 8 through 9.2 of the Symbian operating system and so far has been shown to affect the Nokia Series 60 phone versions 2.6, 2.8, 3.0, 3.1, and the Sony Ericsson UIQ.
Engel explained that the denial-of-service attack consists of sending one or, depending on the phone model, several specifically formatted SMS messages to the smartphone that is being targeted.
The messages then crash the phone's SMS system, but the phone otherwise remains functional. Older models show no symptoms of the attack that would be visible to the user; newer phones, however, can display messages that the phone is running out of memory, or show constantly flashing message icons after the attack.
Engel said: “At least it is not possible to steal user data from the phones or make calls at other people's expense, but it shows again that mobile phones are just computers which are connected to the network all the time. Phone manufacturers and network operators have to make sure that there is a way to quickly deploy bug-fix firmware releases to phones, free of charge to the user.”
Smartphones that can be attacked this way include UIQ devices and S60 2nd Edition Feature Packs 2 and 3, 3rd Edition and 3rd Edition Feature Pack 1. S60 3rd Edition Feature Pack 2 or 5th Edition phones are not affected.
Samu Konttinen, vice president of the Mobile Business Unit at F-Secure, said: “Performing the attack does not require technical expertise, and due to this, there is a risk of it becoming a nuisance.”