Two insecurity experts have been showing off a technique which allows them to control a mobile phone anywhere in the world using SMS. Nico Golde and Collin Mulliner showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages.
The pair used the technique on feature phones, because feature phones still are far more prevalent in most of the world than smartphones are, so the target area is much larger. In a demonstration at CanSecWest the pair said that the attack did not need user interaction and the attacker can be anywhere in the world.
What they did was set up their own GSM network using a laptop running OpenBSC and targeted various phones that they purchased on eBay. These included a Nokia S40, a variety of LG handsets and Sony Ericsson devices. The messages they sent included a binary payload.
In most cases they could get the phone to reboot or freeze on a start-up screen. In one case they totally bricked a Sony Ericsson phone.