A new exploit, dubbed the ‘SMS curse of silence’, for a wide range of Symbian OS-based smartphones was made public by Tobias Engel at the twenty fifth Chaos Communication Congress, held in Berlin, Germany from 27 to 30 December.
The exploit crashes the SMS function on an affected phone, meaning the user cannot receive new text messages. Smartphones including UIQ devices, S60 2nd Edition Feature Packs 2 and 3, 3rd Edition and 3rd Edition Feature Pack 1 are at risk. However, all S60 3rd Edition Feature Pack 2 or 5th Edition phones are not affected.
The denial of service attack is spread through either a single or, depending on the phone model, several specifically formatted SMS messages. The messages crash the phone’s SMS system, but the phone remains functional otherwise. Older models do not show symptoms of the attack, however newer phones can show messages that the phone is running out of memory or experience constantly flashing message icons after the attack.
Samu Konttinen, vice president of the Mobile Business Unit at F-Secure, said: “Performing the attack does not require technical expertise, and due to this, there is a risk of it becoming a nuisance. We have already provided a security update to this threat to our F-Secure Mobile Security customers.”
F-Secure’s Mobile Security solution protects against this exploit by detecting and repairing the phone, ensuring that users don’t lose valuable messages stored in their inbox.