|
Vulnerability AT&T Wireless text-messaging service Affected Those using ATT wireless PCS phone with Tier-2 voicemail Description Peter Gamache found and experienced following. Recently, he had the misfortune of having an automated process at work that reports errors to my PCS phone (via email, NxxXxxXxxx@mobile.att.net) go haywire, and send him a hundred (or so) messages a day. Even better, this happened on the July 4th weekend, so he was stuck with over 300 messages queued to him. After getting sick of repeating the key sequence for "delete all messages" on his Nokia 6160, he gave up, and called AT&T Wireless customer service. Apparently, they've got no way to clear messages from the queue on their side. The first time Peter asked, they said, "Sure, we'll take care of it." Of course, they didn't. They deleted his voice mailbox (with saved messages in it!), but it didn't clear the SMS text message queue, which is apparently monaged by a different system. After a second phonecall to get his voicemail re-activated, Peter went through the hassle of trying to convince the customer support people that A) he didn't want them to erase the text messages that were already on my phone and B) the messages don't just dissapear when someone sends them to you, they are held in a queue somwhere when your phone's memory is filled. (they seem to think that if your memory is full, the new messages get discarded -- which is NOT the case). In short, if you discover someone who has an ATT wireless PCS phone with Tier-2 voicemail (SMS text messaging via an email gateway, such as 612-555-1212 becomes 6125551212@mobile.att.net), you can cause an effective denial of service to the poor victim by sending them a few thousand messages, and according to ATT Customer Service, there's no way for them to dequeue the messages... Solution AT&T's official advice is :"Menu -> Messages -> Text -> Erase All -> Security Code -> OK" Repeat, ad nauseam.