A Comprehensive Guide on Silent SMS Denial of Service (DoS) Attack

When delivered to a mobile handset, silent messages, also known as Silent SMS or Stealth SMS "stealth ping" or "Short Message Type 0", are not indicated on display or by an acoustic alert signal. This guide will concentrate on the technicalities of sending a silent SMS and multiple incessant silent SMSs to perform a silent SMS denial of service (DoS) attack. These silent messages are increasingly being sent not only to perform DoS attacks but also to force the constant update of users' or victims' location (tracking) information.

What is Silent SMS or Flash SMS?

Silent SMS was initially intended to allow operators to detect whether a mobile phone was turned on and test the network without informing the user. They have, however, proven helpful in the tracking down of suspects by police in several countries.

Using the GSM Network, silent SMS can pinpoint the exact location of a mobile phone. We can find a user by identifying the three antennas closest to him and then triangulating the distance based on the time it takes for a signal to return. When a person moves, their phone's location is updated; however, the information is not updated immediately. The location of the mobile is instantly updated when a Silent SMS is sent. This is extremely useful because it allows you to locate someone at a specific time based on the airwaves.

ICYMI: The SS7 (Signaling System No. 7) protocols are critical in cellular communication networks. Unfortunately, SS7 has several flaws that a malicious actor can exploit to launch attacks. Location tracking, SMS interception, and other signaling attacks are significant examples.

[TIP: EFANI's Black Seal Protection against such hacks such as SS7, location tracking, DDoS, Silent SMS, IMSI Catchers and so on]

Source: Croft, N. J., & Olivier, M. S. (2007). A silent SMS denial of service (DoS) attack 

The Silent SMS Denial of Service (DoS) attack is one of the more intriguing attacks. A typical DoS attack floods a network with excessive traffic, rendering its computer resources inaccessible to users. The same concept applies to mobile devices. Without the victim's knowledge, a device can be flooded with silent SMS messages. Texts swamping the victim's device will utilize the battery abnormally while preventing the device from receiving calls.

Targets Location Tracking

Malefactors who exploit SS7 protocol vulnerabilities frequently target location information and tracking. A silent SMS could be sent to the target mobile device to force it to update the existing (usually the closest) serving base station onto the mobile network to identify the target's location.

The device user will not be notified if a message is received, as in a Silent SMS DoS attack. However, unlike a DoS attack, there are no visible signs that an attack is taking place. As a result, the victim is completely unaware that they are being followed.

SIM cards are also a significant target because they use Wireless Internet Browsers (WIB) that are not adequately secured. Telecommunications companies use Over Air (OTA) technology to communicate with WIBs to manage SIM cards.

Evil people can essentially send a silent SMS containing WIB instructions. The instructions are executed on the victim's device once they have been received. At this point, the malefactor has several options, including obtaining location data, initiating a call, sending an SMS, or even launching a web browser with a particular URL.

The Culprit: Who is behind the Silent SMS attacks?

Though it has reportedly been used by authorities and governments in the past, the decreasing equipment and broadband access costs have made this attack vector accessible to malefactors with little technical knowledge.

Why are silent SMS attacks so risky?

Cellular attacks that take advantage of the SS7 protocol are nothing new. However, the covert nature of silent SMS attacks makes it difficult to detect them before it is too late. As a result, silent SMS attacks are a compliance nightmare. A breach cannot be detected and, as a result, cannot be reported by the law. Invisible DoS attacks, OTA malware, and unauthorized location tracking are dangerous, if not disastrous.

It is incumbent to bring this to readers' attention that not only are SS7 attacks next to impossible to detect when they occur, but they also leave practically no traces in forensics. The forensic investigator has little to no data to extract and analyze from the victim's device.

This is, of course, unless the victim has an application on their mobile devices that is specifically supposed to detect and triangulate silent SMS.

The investigator may be able to examine the traffic on the cellular network and possibly detect the unprecedented number of messages sent. Sadly, the investigator must have the victim's mobile in hand to confirm a real-time attack.

Who is vulnerable to a Silent SMS attack?

It is not critical for most users to have their location tracked or to lose wireless access due to a DoS attack. Attackers are most likely to target executives, VIPs, celebrities, crypto enthusiasts, and governments.

Attacks will almost certainly result in significant financial losses for enterprises, whereas national defence is at stake for governments. They must also consider the possible harm that could be accomplished if an attacker can install malware on the device by exploiting WIB vulnerabilities on SIM cards.

The much-needed protection

The only effective way to identify and prevent such attack vectors is at the network level (speaking of mobile here). This necessitates the use of EFANI's Black Seal Protection aimed at "plugging" the security vulnerabilities left by the primitive SS7 protocol, which is still in use presently.

Currently, most of the defence against silent SMS DoS attacks is left to individuals (going through such emotional stress) and cybersecurity professionals in companies, who (unfortunately) have little or no tools to do so. This pandemic means taking a global approach to SS7 protection for telecom companies. It thus necessitates the implementation of appropriate safeguards and security mechanisms to prevent their networks and registered user devices from such hacks.

Want Guaranteed Protection Against SIM Swap? Reach Out to Us.