Researchers at Pennsylvania State University have determined that it’s possible to launch an effective denial of service attack on cellphone networks, either in a localized area or nationwide, by flooding known cellphones in the area with SMS messages (see summary, paper and NYTimes article). The attack relies on using web and Internet-based SMS portals to overwhelm the wireless data-band, which is also used for connecting voice calls. Since only messages that are actually delivered over-the-air contribute to the network congestion, attackers would first need to generate a “hit-list” of known-valid cellphones (for example, by scraping websites for cellphone numbers in a given prefix and then slowly testing those for SMS capability before starting the attack).
One snippet from the paper I found interesting was how different cellphone providers deal with a backup of SMS messages awaiting delivery to a single user (e.g. when the cellphone is turned off): AT&T buffered all 400 test SMS messages, Verizon only kept the last 100 messages sent (FIFO eviction), and Sprint only kept the first 30 (LIFO eviction).
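The three buffering behaviours above can be modelled as a small queue simulation. This is an added example, not code from the paper or the original post. The policy names, function names and the "legit" message are hypothetical, and AT&T is modelled as having no cap only because none was observed at 400 messages. It shows which single wanted message is still queued once the handset comes back on.

```python
from collections import deque

# Per-carrier behaviour as reported in the post; policy names are made up here.
CARRIERS = {
    "AT&T": ("keep_all", None),       # all 400 test messages were buffered
    "Verizon": ("drop_oldest", 100),  # FIFO eviction: last 100 kept
    "Sprint": ("drop_newest", 30),    # LIFO eviction: first 30 kept
}

def buffer_messages(arrivals, policy, capacity=None):
    """Return (queued, dropped) for one offline subscriber's message queue."""
    if policy not in ("keep_all", "drop_oldest", "drop_newest"):
        raise ValueError(f"unknown policy: {policy}")
    queued, dropped = deque(), []
    for msg in arrivals:
        if policy == "keep_all" or len(queued) < capacity:
            queued.append(msg)
        elif policy == "drop_oldest":
            dropped.append(queued.popleft())  # evict the head to make room
            queued.append(msg)
        else:  # drop_newest: queue is full, so the arriving message is lost
            dropped.append(msg)
    return list(queued), dropped

def legit_message_survives(position, total=400):
    """Place one wanted message at 1-based `position` in a backlog of `total`
    messages (constructed sample data) and report, per carrier, whether it is
    still queued when the handset is switched back on."""
    arrivals = [f"test-{i}" for i in range(1, total + 1)]
    arrivals[position - 1] = "legit"
    return {name: "legit" in buffer_messages(arrivals, policy, cap)[0]
            for name, (policy, cap) in CARRIERS.items()}

if __name__ == "__main__":
    for pos in (10, 350):
        print(pos, legit_message_survives(pos))
```

With a 400-message backlog, a wanted message that arrives early is lost under FIFO eviction and one that arrives late is lost under LIFO eviction, so the eviction policy decides which legitimate traffic a full queue costs the subscriber.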