Stealth Attack Drains Cell Phone Batteries

"Battery power is the bottleneck for a cell phone," said Hao Chen, assistant professor of computer science at UC Davis. "It can't do anything with a dead battery." Cell phones are designed to conserve battery life by spending most of their time in standby mode.

Chen, and graduate students Denys Ma and Radmilo Racic, found that the MMS protocol, which allows cell phones to send and receive pictures, video and audio files, can be used to send packets of junk data to a cell phone. Every time the phone receives one of these packets, it "wakes up" from standby mode, but quickly discards the junk packet without ringing or alerting the user. Deprived of sleep by repeated pulses of junk data, the phone's batteries run down up to 20 times faster than in regular use.

The attacker needs to know the number and Internet address of the victim's cell phone, but those are easy to obtain, Chen said. The computer used to launch the attack could be anywhere on the Internet.

Chen and his students have tested the concept in the laboratory. They have also found other vulnerabilities in the MMS protocol -- one, for example, would allow users to circumvent billing for multimedia services and send files for free.

As cell phone providers offer more services, such as e-mail, Web surfing and file sharing, they become vulnerable to the same attacks as computers, as well as to new types of attack that exploit their specific vulnerabilities.

"It's important to evaluate security now, while cell phones are being connected to the broadband Internet," Chen said.

The work was presented at the 15th USENIX security symposium, July 31-Aug. 4 in Vancouver, Canada, and will be presented at IEEE Securecomm '06 in Baltimore, Md., Aug. 28-Sept. 1. The researchers notified service providers about the potential vulnerability before publishing their findings.