Subject:      DoS attack on AT&T Wireless text-messaging service
To: BUGTRAQ@SECURITYFOCUS.COM 


Recently, I've had the misfortune of having an automated process at work
that reports errors to my PCS phone (via email, NxxXxxXxxx@mobile.att.net)
go haywire, and send me a hundred (or so) messages a day.  Even better, this
happened on the July 4th weekend, so I was stuck with over 300 messages
queued to me.  After getting sick of repeating the key sequence for "delete
all messages" on my Nokia 6160, I gave up, and called AT&T Wireless customer
service.  Apparently, they've got no way to clear messages from the queue on
their side.


The first time I asked, they said, "Sure, we'll take care of it."   Of
course, they didn't.  They deleted my voice mailbox (with saved messages in
it!  Grr!), but it didn't clear the SMS text message queue, which is
apparently monaged by a different system.


After a second phonecall to get my voicemail re-activated, I went through
the hassle of trying to convince the customer support people that A) I
didn't want them to erase the text messages that were already on my phone.
B) The messages don't just dissapear when someone sends them to you, they
are held in a queue somwhere when your phone's memory is filled.  (they seem
to think that if your memory is full, the new messages get discarded --
which is NOT the case).


In short, if you discover someone who has an ATT wireless PCS phone with
Tier-2 voicemail (SMS text messaging via an email gateway, such as
612-555-1212 becomes 6125551212@mobile.att.net), you can cause an effective
denial of service to the poor victim by sending them a few thousand
messages, and according to ATT Customer Service, there's no way for them to
dequeue the messages...


AT&T's official advice is :"Menu -> Messages -> Text -> Erase All ->
Security Code -> OK" Repeat, ad nauseam.   My fingers are tired. :(


- Peter