Symbian Phones Hit by SMS Vulnerability

A new exploit for a wide range of Symbian OS-based smartphones was made public last week. This exploit has been dubbed the "SMS Curse of Silence" by Tobias Engel, who discovered and disclosed the exploit at the 25th Chaos Communication Congress.

The exploit can make the text messaging function of the affected phone unusable. Affected phones cannot receive SMS text messages. Smartphones that can be attacked this way include UIQ devices and S60 2nd Edition Feature Packs 2 and 3, 3rd Edition and 3rd Edition Feature Pack 1. S60 3rd Edition Feature Pack 2 or 5th Edition phones are not affected.

The attack consists of sending one or, depending on the phone model, several specifically formatted SMS messages to the smartphone being targeted. The messages crash the phone's SMS system, but the phone remains functional otherwise. Older models do not show symptoms of the attack that would be visible to the user; however newer phones can show messages that the phone is running out of memory or experience constantly flashing message icons after the attack.

Samu Konttinen, Vice President of the Mobile Business Unit at F-Secure said, "Performing the attack does not require technical expertise, and due to this, there is a risk of it becoming a nuisance. We have already provided a security update to this threat to our F-Secure Mobile Security customers."

Posted to the site on 3rd January 2009