Security and Privacy Applied Research Lab

Exploiting Open Functionality in SMS-Capable Cellular Networks

Patrick McDaniel
Department of Computer Science and Engineering
Pennsylvania State University

Relevant resources:


Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the expansion of this new service, telecommunications companies offer connections between their networks and the Internet. The ramifications of such connections, however, have not been fully recognized. In this talk, we evaluate the security impact of the SMS interface on the availability of the cellular phone network. Specifically, we demonstrate the ability to deny voice service to cities the size of Washington D.C. and Manhattan with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks. This analysis begins with an exploration of the structure of cellular networks. We then characterize network behavior and explore a number of reconnaissance techniques aimed at effectively targeting attacks on these systems. We conclude by discussing countermeasures that mitigate or eliminate the threats introduced by these attacks.


Patrick McDaniel is the Hartz Family Career Development Assistant Professor in the Computer Science and Engineering Department at the Pennsylvania State University, and co-director of the Systems and Internet Infrastructure Security Laboratory. He received his Ph.D. from the University of Michigan in 2001 where he studied the form, algorithmic limits, and enforcement of security policy. Prior to joining Penn State, Patrick was a senior technical staff Member of the Secure Systems Group at AT&T Labs-Research and is an Adjunct Professor of the Stern School of Business at New York University.

Patrick's recent research efforts have focused on telecommunications security, distributed systems security, network security, language- based security, and public policy and technical issues in digital media. Patrick is a past recipient of the NASA Kennedy Space Center fellowship, a frequent contributor to the IETF security standards, and has authored many papers and book chapters in various areas of systems security. He served as the Program Chair of the 2005 USENIX Security Symposium, the Vice Chair for Security and Privacy for WWW 2005, and is a co-Chair for the 2007 and 2008 IEEE Symposium for Security and Privacy. Patrick is also an associate editor of the journal ACM Transactions on Internet Technologies and a guest editor of the IEEE Transactions on Software Engineering. Prior to pursuing his Ph.D. in 1996, Patrick was a software architect and program manager in the telecommunications industry.