Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Phreaking Cellular - Misc. :: sms-dos.htm

Denial of Service against AT&T phones with SMS



Vulnerability

    AT&T Wireless text-messaging service

Affected

    Those using ATT wireless PCS phone with Tier-2 voicemail

Description

    Peter  Gamache  found  and  experienced  following.   Recently, he
    had the  misfortune of  having an  automated process  at work that
    reports    errors    to     my    PCS     phone    (via     email,
    NxxXxxXxxx@mobile.att.net) go haywire, and send him a hundred  (or
    so) messages a day.   Even better, this happened  on the July  4th
    weekend, so  he was  stuck with  over 300  messages queued to him.
    After getting sick of repeating  the key sequence for "delete  all
    messages" on his Nokia 6160, he gave up, and called AT&T  Wireless
    customer  service.   Apparently,  they've  got  no  way  to  clear
    messages from the queue on their side.

    The first time Peter asked,  they said, "Sure, we'll take  care of
    it."   Of course,  they didn't.   They deleted  his voice  mailbox
    (with saved  messages in  it!), but  it didn't  clear the SMS text
    message  queue,  which  is  apparently  monaged  by  a   different
    system.   After   a  second   phonecall  to   get  his   voicemail
    re-activated, Peter went through the hassle of trying to  convince
    the customer support people that  A) he didn't want them  to erase
    the  text  messages  that  were  already  on  my  phone and B) the
    messages  don't  just  dissapear  when  someone sends them to you,
    they are  held in  a queue  somwhere when  your phone's  memory is
    filled.  (they seem to think that if your memory is full, the  new
    messages get discarded -- which is NOT the case).

    In short,  if you  discover someone  who has  an ATT  wireless PCS
    phone  with  Tier-2  voicemail  (SMS  text  messaging via an email
    gateway, such as 612-555-1212 becomes  6125551212@mobile.att.net),
    you can cause  an effective denial  of service to  the poor victim
    by sending  them a  few thousand  messages, and  according to  ATT
    Customer  Service,  there's  no  way  for  them  to  dequeue   the
    messages...

Solution

    AT&T's official advice is :"Menu -> Messages -> Text -> Erase  All
    -> Security Code -> OK" Repeat, ad nauseam.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH