A Silent SMS Denial of Service (DoS) Attack

Global System for Mobile communications (GSM) is a popular mobile communications network. Short Message Service (SMS) is an easily adopted person-to-person communications technology for mobile devices. The GSM architecture allows for the insertion of mass application-generated SMS messages directly into the network infrastructure. This is achieved through a SMS Mobile Switching Centre (SMSC) using a variety of request-response protocols, for example Short Message Peer-ToPeer Protocol (SMPP). Through protocol manipulation, an application may generate an SMS which neither displays on the mobile handset nor provides an acoustic signal. Known as a “Silent” SMS, this occurs where the mobile handset must acknowledge receipt of the short message but may discard its contents. A “Silent” SMS may help police services detect the existence of a mobile handset without the intended party knowing about the request. In contrast, a mass continuous send of “Silent” SMS messages will constitute an invisible Denial of Service (DoS) attack on a mobile handset. Such a mobile handset DoS attack may be conducted for economic advantage to elude another party from communicating. This paper describes, from a technical perspective, how a silent application-generated denial of service (DoS) SMS attack is conducted. We then investigate possible ways of thwarting such an attack at a GSM network level. Furthermore we explore related SMS attacks on the GSM network.