Geo Location based DDOS can target Mobile Operators

The sharp rise of smart mobile phones is introducing a new and concerning attack vector - a geo-location based DDOS.

Example Scenario
Imagine a popular mobile application (bejeweled like game) that is downloaded by many.

  1. The app contains a small amount of code to reference the phone's GPS and also check in with a command and control website.
  2. The attacker decides on a city to target and a popular time of day and then updates the command and control website.
  3. The mobie applications all check in with the C&C site and all mobile applications in the city area begin downloading large video files from YouTube.


Result?
  • A massive sudden spike in high bandwidth usage of the mobile data network in a single metropolitan area.
  • Most cellular networks run near capacity during the lunch rushes of popular cities. A sudden massive spike such as this would likely push the network over the edge and bring it down entirely.

This is a tough issue to address and I think it warrants a bit of consideration.

This is a guest post by Michael Coates, a senior application security consultant with extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers world-wide.
The original text is published on ...Application Security...

Talkback and comments are most welcome

Related posts
GSM Encryption Broken - Cellular Calls At Risk
When Will Your Mobile Phone get Hacked?

9 comments:

virtue said...

it's a good article :)

Sam said...

Good warning, but I would rather be interested in knowing if this means that someone might know where you are without you giving permission for it...

Sam
www.samrag.com

Bozidar Spirovski said...

To Sam
Actually that is a very legitimate point but requires a lot more work - one needs to identify your phone, make you install the malicious software and then track you - a lot more work then the generic 'shotgun principle' of the DDoS attack.

Eric said...

Hi, ur blog is really nice and informative, i truly like it. I just wanna suggest that u should go for blog advertising & marketing there is a website which is offering very unique features at affordable prices. There are Expert advertising teams who will promote ur blog & affiliate ads through all over the networks. All u have to do is submit your blog plus pay affordable prices and rest leave it to Advertising Team for Promotion & Marketing then see how u enjoy a lots of quality traffic plus good readers to ur blog. Finally I have bookmarked ur blog & shared with my friends.!!happy blogging!!.

EddieGarcia said...

Very interesting article. I realize there is a lot going on in the world that I do not understand & if the truth is known, I don't want to know about either. Something like this fascinates me & it's amazing that we have progressed this far in our securities and communications. Thanks for sharing this article!

Friends 4 Life!

henry J said...

really very nice info abt security. keep itup. checkout my new blog @ http://simplygetit.blogspot.com


Make Money Online - Visit 10 websites and earn 5.5$. Click here to see the Proof

Blog Tactic said...

interesting scenario. the risk is definitely there.

Sunmugam Chidambaram said...


Good post like to Read More Like this
xender for pc

Roshaan Asghar said...

These information security short keys are very useful.
Showbox app

Designed by Posicionamiento Web