Using only Short Message Service (SMS) communications—messages that can be sent between mobile phones—a pair of security researchers were able to force low-end phones to shut down abruptly and knock them off a cellular network. As well as text messages, the SMS protocol can be used to transmit small programs, called "binaries," that run on a phone. Network operators use these files to, for example, change the settings on a device remotely. The researchers used the same approach to attack phones. They performed their tricks on handsets made by Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax, a popular Indian cell-phone manufacturer.

 

[...]

 

The researchers were able to create malicious SMS messages for each type of phone they studied. The messages affect the phones without any response from the user. Because feature phones are so common, Mulliner says, such an attack "could take out a large percentage of mobile communications."

 

To target a specific user, an attacker would need to know what kind of phone he or she uses, since each platform requires a different message. But Mulliner says that attackers could easily knock out large numbers of phones by sending a set of five SMS messages—targeted to the five most popular models—to every device on a specific network. Mulliner notes that there are Internet-based services that send SMS messages en masse either cheaply or free, making it possible for an antagonist with limited resources to carry out such an attack from anywhere in the world.

http://www.schneier.com/blog/archives/2011/01/sms_of_death.html