Geo Location based DDOS can target Mobile Operators

The sharp rise of smart mobile phones is introducing a new and concerning attack vector – a geo-location based DDOS.

Example Scenario
Imagine a popular mobile application (a Bejeweled-like game) that has been downloaded by many users.

  1. The app contains a small amount of code to reference the phone’s GPS and also check in with a command and control website.
  2. The attacker decides on a city to target and a popular time of day and then updates the command and control website.
  3. The mobile applications all check in with the C&C site, and those in the targeted city area begin downloading large video files from YouTube.

Result?

  • A massive sudden spike in high bandwidth usage of the mobile data network in a single metropolitan area.
  • Most cellular networks run near capacity during the lunch rushes of popular cities. A sudden massive spike such as this would likely push the network over the edge and bring it down entirely.

This is a tough issue to address and I think it warrants a bit of consideration.
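One operator-side check for the signature described above, a sudden load spike confined to a single metropolitan area, is sketched below. It is an added example, not code from the original post; the record layout (minute, area, subscriber, bytes), the area names, the window and the threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

def area_minute_bytes(records):
    """Sum bytes per area and minute from (minute, area, subscriber, bytes) tuples."""
    totals = defaultdict(lambda: defaultdict(int))
    for minute, area, _subscriber, nbytes in records:
        totals[area][minute] += nbytes
    return totals

def surge_ratio(history, value):
    """Load in the current minute relative to the trailing median load."""
    baseline = median(history) or 1  # avoid dividing by zero on an idle area
    return value / baseline

def localized_spikes(records, window=5, threshold=3.0):
    """Return (area, minute) pairs where exactly one area's load jumps to
    `threshold` times its own trailing median while the other areas stay flat."""
    totals = area_minute_bytes(records)
    minutes = sorted({m for per_area in totals.values() for m in per_area})
    hits = []
    for i in range(window, len(minutes)):
        now, past = minutes[i], minutes[i - window:i]
        ratios = {
            area: surge_ratio([per[m] for m in past], per[now])
            for area, per in totals.items()
        }
        surging = [area for area, r in ratios.items() if r >= threshold]
        if len(surging) == 1:  # confined to one area, not a network-wide event
            hits.append((surging[0], now))
    return hits

def sample_records():
    """Constructed data: two areas, 20 subscribers each, 8 one-minute buckets.
    From minute 6 every subscriber in metro-A pulls 200 MB per minute."""
    recs = []
    for minute in range(8):
        for area in ("metro-A", "metro-B"):
            for sub in range(20):
                nbytes = 2_000_000 + 10_000 * ((minute + sub) % 3)
                if area == "metro-A" and minute >= 6:
                    nbytes = 200_000_000
                recs.append((minute, area, f"{area}-{sub}", nbytes))
    return recs

if __name__ == "__main__":
    print(localized_spikes(sample_records()))
```

Requiring that only one area surges separates a geographically targeted event from a network-wide one, such as a popular live stream, where every area rises together.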

This is a guest post by Michael Coates, a senior application security consultant with extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers world-wide.
The original text is published on …Application Security…
