[Full-Disclosure] Nokia 3560 Remote DOS
Kane at contentsecurity.com.au
Thu Jul 8 06:06:55 BST 2004
Even if Nokia does find this out first there is not to much they can do.
They can create a fix for a new firmware edition that will ship in new models but most models that are out in the public already will never get a firmware update.
> -----Original Message-----
> From: full-disclosure-admin at lists.netsys.com
> [mailto:full-disclosure-admin at lists.netsys.com]On Behalf Of
> marklist at comcast.net
> Sent: Thursday, July 08, 2004 1:43 PM
> To: full-disclosure at lists.netsys.com
> Subject: [Full-Disclosure] Nokia 3560 Remote DOS
> Hello list,
> I have found a vulnerability with Nokia's 3560 cellular
> phone, in which anyone may remotely crash the phone's OS,
> requiring the user to disconnect the battery to restore
> normal functionality. The attack only requires sending the
> person a specially crafted text message. This can be done
> very easily via e-mail or from any capable cell phone.
> I have only tested this on the 3560, but other models may be
> vulnerable as well.
> During the attack, the phone does not emit a "new message"
> tone, and the message does not get stored in phone after
> rebooting. Victims have no way of knowing that they have
> been attacked.
> I know this is FD and all, but due to the seriousness of this
> attack, I would like to notify Nokia before posting full details.
> Does anyone know of a security contact at Nokia?
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.