ATT_DoS.txt

`Subject: DoS attack on AT&T Wireless text-messaging service  
To: [email protected]   
  
  
Recently, I've had the misfortune of having an automated process at work  
that reports errors to my PCS phone (via email, [email protected])  
go haywire, and send me a hundred (or so) messages a day. Even better, this  
happened on the July 4th weekend, so I was stuck with over 300 messages  
queued to me. After getting sick of repeating the key sequence for "delete  
all messages" on my Nokia 6160, I gave up, and called AT&T Wireless customer  
service. Apparently, they've got no way to clear messages from the queue on  
their side.  
  
  
The first time I asked, they said, "Sure, we'll take care of it." Of  
course, they didn't. They deleted my voice mailbox (with saved messages in  
it! Grr!), but it didn't clear the SMS text message queue, which is  
apparently monaged by a different system.  
  
  
After a second phonecall to get my voicemail re-activated, I went through  
the hassle of trying to convince the customer support people that A) I  
didn't want them to erase the text messages that were already on my phone.  
B) The messages don't just dissapear when someone sends them to you, they  
are held in a queue somwhere when your phone's memory is filled. (they seem  
to think that if your memory is full, the new messages get discarded --  
which is NOT the case).  
  
  
In short, if you discover someone who has an ATT wireless PCS phone with  
Tier-2 voicemail (SMS text messaging via an email gateway, such as  
612-555-1212 becomes [email protected]), you can cause an effective  
denial of service to the poor victim by sending them a few thousand  
messages, and according to ATT Customer Service, there's no way for them to  
dequeue the messages...  
  
  
AT&T's official advice is :"Menu -> Messages -> Text -> Erase All ->  
Security Code -> OK" Repeat, ad nauseam. My fingers are tired. :(  
  
  
- Peter  
`