Thursday, January 7, 2010

Geo Location Based DDOS from Mobile

The sharp rise of smart mobile phones is introducing a new and concerning attack vector - a geo-location based DDOS. Imagine a popular mobile application (bejeweled like game) that is downloaded by many. The app contains a small amount of code to reference the phone's GPS and also check in with a command and control website. The attacker decides on a city to target and a popular time of day and then updates the command and control website. The mobie applications all check in with the C&C site and all mobile applications in the city area begin downloading large video files from YouTube.

Result?
A massive sudden spike in high bandwidth usage of the mobile data network in a single metropolitan area. Most cellular networks run near capacity during the lunch rushes of popular cities. A sudden massive spike such as this would likely push the network over the edge and bring it down entirely.


This is a tough issue to address and I think it warrants a bit of consideration.



-Michael Coates