A Comprehensive Guide on Silent SMS Denial of Service (DoS) Attack | EFANI


When delivered to a mobile handset, silent messages, also known as Silent SMS, Stealth SMS, “stealth ping”, or “Short Message Type 0”, are not indicated on the display or by an acoustic alert signal. This guide will concentrate on the technicalities of sending a silent SMS, as well as sending multiple incessant silent SMSs to perform a silent SMS denial of service (DoS) attack. These silent messages are increasingly being sent not only to perform DoS attacks but also to force the constant update of users’ or victims’ location (tracking) information.

What is Silent SMS or Flash SMS?

Silent SMS was originally intended to allow operators to detect whether a mobile phone was turned on and to test the network without informing the user. It has, however, proven useful to police in a number of countries for tracking down suspects.

Using the GSM Network, silent SMS can pinpoint the exact location of a mobile phone. We can find a user by identifying the three antennas closest to him and then triangulating the distance based on the time it takes for a signal to return. When a person moves, their phone’s location is updated; however, the information is not updated immediately. The location of the mobile is instantly updated when a Silent SMS is sent. This is extremely useful because it allows you to locate someone at a specific time based on the airwaves.

ICYMI – In cellular communication networks, the SS7 (Signaling System No. 7) protocols are critical. Unfortunately, SS7 has a number of flaws that a malicious actor can exploit to launch attacks. Location tracking, SMS interception, and other types of signaling attacks are significant examples of these.

[TIP: EFANI’s Black Seal Protection guards against hacks such as SS7 attacks, location tracking, DDoS, Silent SMS, IMSI catchers and so on]

Source: Croft, N. J., & Olivier, M. S. (2007). A silent SMS denial of service (DoS) attack

The Silent SMS Denial of Service (DoS) attack is one of the more intriguing attacks. A typical DoS attack floods a network with excessive traffic, rendering its computer resources inaccessible to users. The same concept applies to mobile devices. Without the victim’s knowledge, a device can be flooded with silent SMS messages. Texts swamping the victim’s device will drain the battery abnormally while preventing the device from receiving calls.

Target Location Tracking

Malefactors who exploit SS7 protocol vulnerabilities frequently target location information and tracking. A silent SMS could be sent to the target mobile device to force it to report its current (normally the closest) serving base station to the mobile network, which identifies the target’s location.

The device user will not be notified if a message is received, as in a Silent SMS DoS attack. However, unlike a DoS attack, there are no visible signs that an attack is taking place. As a result, the victim is completely unaware that they are being followed.

SIM cards are also a major target because they use Wireless Internet Browsers (WIB) that are not adequately secured. Telecommunications companies use Over the Air (OTA) technology to communicate with WIBs in order to manage SIM cards.

Evil people can essentially send a silent SMS containing WIB instructions. The instructions are executed once they have been received on the victim’s device. At this point, the malefactor has several options, including obtaining location data, initiating a call, sending an SMS, or even launching a web browser with a particular URL.

The Culprit: Who is behind the Silent SMS attacks?

Though it has reportedly been used by authorities and governments in the past, the decreasing costs of equipment and broadband access have made this attack vector accessible to malefactors with little technical knowledge.

Why are silent SMS attacks so risky?

Cellular attacks that take advantage of the SS7 protocol are nothing new. However, due to the covert nature of silent SMS attacks, it is difficult to detect them before it is too late. As a result, silent SMS attacks are a compliance nightmare. A breach cannot be detected and, as a result, cannot be reported in accordance with the law. Invisible DoS attacks, OTA malware, and unauthorized location tracking are all dangerous, if not disastrous.

Readers should note that SS7 attacks are not only next to impossible to detect when they take place, but also leave practically no traces in terms of forensics. The forensic investigator has little to no data to extract and analyze from the victim’s device.

This is, of course, unless the victim has an application on their mobile device that is specifically designed to detect and triangulate silent SMS.

The investigator may be able to examine the traffic on the cellular network and possibly detect the unprecedented number of messages sent. Sadly, the investigator must have the victim’s mobile in hand to confirm a real-time attack.
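The two detection approaches described above (flagging hidden messages on the device and counting abnormal message volume) can be sketched as follows. This is an added example, not code from the original article or from EFANI. It assumes received messages are available as SMS-DELIVER PDU hex strings, as a modem in PDU mode reports them. The TP-PID values come from 3GPP TS 23.040; the per-minute threshold and all sample PDUs are constructed for illustration.

```python
from collections import Counter

# TP-PID values (3GPP TS 23.040) for messages that never reach the inbox.
HIDDEN_PIDS = {0x40: "short-message-type-0", 0x7F: "sim-data-download"}

def _semi_octets(data: bytes) -> str:
    """Decode swapped-nibble BCD, used for addresses and timestamps."""
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in data)

def parse_deliver(pdu_hex: str) -> dict:
    """Parse a modem-style SMS-DELIVER PDU: SMSC header followed by the TPDU."""
    raw = bytes.fromhex(pdu_hex)
    pos = 1 + raw[0]                       # skip SMSC length octet and address
    if raw[pos] & 0x03 != 0x00:            # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    digits = raw[pos + 1]                  # TP-OA length is counted in digits
    oa_len = (digits + 1) // 2
    # Numeric senders only; alphanumeric (GSM 7-bit) senders are not decoded.
    sender = _semi_octets(raw[pos + 3:pos + 3 + oa_len])[:digits]
    pos += 3 + oa_len
    pid, dcs = raw[pos], raw[pos + 1]
    scts = _semi_octets(raw[pos + 2:pos + 8])   # YYMMDDhhmmss, zone octet skipped
    return {"sender": sender, "pid": pid, "dcs": dcs, "scts": scts,
            "udl": raw[pos + 9], "kind": HIDDEN_PIDS.get(pid, "normal")}

def flood_alerts(pdus, threshold=3):
    """Count hidden messages per (sender, kind, minute); return buckets >= threshold."""
    hits = Counter()
    for msg in map(parse_deliver, pdus):
        if msg["kind"] != "normal":
            hits[(msg["sender"], msg["kind"], msg["scts"][:10])] += 1
    return {key: n for key, n in hits.items() if n >= threshold}

# Constructed sample PDUs: fictional SMSC 15555550100, fictional sender 15555550123.
HDR = "07915155550501F0" + "040B915155550521F3"
SAMPLES = [
    HDR + "0000" + "42105101030000" + "02E834",  # ordinary text "hi"
    HDR + "4000" + "42105101030000" + "00",      # Type 0, 10:30:00
    HDR + "4000" + "42105101035000" + "00",      # Type 0, 10:30:05
    HDR + "4000" + "42105101030100" + "00",      # Type 0, 10:30:10
    HDR + "7FF6" + "42105101035100" + "00",      # SIM data download, payload omitted
]

if __name__ == "__main__":
    for pdu in SAMPLES:
        print(parse_deliver(pdu))
    print(flood_alerts(SAMPLES))
```

The single SIM data download message stays below the threshold and is not reported as a flood, but its `kind` still marks it for review, since OTA messages addressed to the SIM are also invisible to the user.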

Who is vulnerable to a Silent SMS attack?

It is not critical for most users to have their location tracked or to lose wireless access due to a DoS attack. Attackers are most likely to target executives, VIPs, celebrities, crypto enthusiasts, and governments.

Attacks will almost certainly result in significant financial losses for enterprises, whereas national defense is at stake for governments. They must also consider the possible harm that could be done if an attacker is able to install malware on the device by exploiting WIB vulnerabilities on SIM cards.

The much-needed protection

The one and only effective way to identify and prevent such attack vectors is at the network level (speaking of mobile here). This necessitates the use of EFANI’s Black Seal Protection aimed at “plugging” the security vulnerabilities left by the primitive SS7 protocol, which is still in use presently.

Currently, most of the defense against silent SMS DoS attacks is left to individuals (going through such emotional stress) and cybersecurity professionals in companies, who (unfortunately) have little or no tools to do so. For telecom companies, this pandemic means taking a global approach to SS7 protection. It thus necessitates the implementation of appropriate safeguards and security mechanisms to protect their networks and registered user devices from such hacks.