Geo Location Based DDOS Targets Mobile Operators

Tuesday, July 27, 2010

Bozidar Spirovski


The sharp rise of smart mobile phones is introducing a new and concerning attack vector - a geo-location based DDOS.

Example Scenario

Imagine a popular mobile application (befrakeled like game) that is downloaded by many.

  1. The app contains a small amount of code to reference the phone's GPS and also check in with a command and control website.
  2. The attacker decides on a city to target and a popular time of day and then updates the command and control website.
  3. The mobie applications all check in with the C&C site and all mobile applications in the city area begin downloading large video files from YouTube.


  1. image


  • A massive sudden spike in high bandwidth usage of the mobile data network in a single metropolitan area.
  • Most cellular networks run near capacity during the lunch rushes of popular cities. A sudden massive spike such as this would likely push the network over the edge and bring it down entirely.

This is a tough issue to address and I think it warrants a bit of consideration.

This is a ShortInfosec guest post by Michael Coates, a senior application security consultant with extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers world-wide. The original text is published on ...Application Security...

Possibly Related Articles:
Wireless DoS
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.