So now you can send an SMS and crash a mobile phone, so that the user is locked out.
Job de Haas, a security researcher at ITSX, has adapted a program called sms_client, which sends an SMS message from an Internet-connected PC, in which the User Data Header is broken.
During a presentation during the Black Hat conference last week, he demonstrated how a malformed message crashes a Nokia 6210 phone on its receipt. Once the message is received it is impossible to turn on an infected phone again.
The vulnerability is tied to the software used by a phone. The flaw affects Nokia 6210, 3310 and 3330 phones, de Haas has discovered, but not a Siemens phone he tried. Phones from other manufacturers are yet to be tested.
To fix the problem users have to put a SIM card into a phone without the bug. Alternatively if the SMS message is registered in a user's In-box this could be deleted with a SMS management tool on a PC.
News source: The Reg