RE: Nokia 3560 Remote DOS

["Kane Lightowler" <Kane () contentsecurity com au>]

Even if Nokia does find this out first there is not to much they can do.

They can create a fix for a new firmware edition that will ship in new models but most models that are out in the 
public already will never get a firmware update.


Regards,
Kane

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com]On Behalf Of
> marklist () comcast net
> Sent: Thursday, July 08, 2004 1:43 PM
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] Nokia 3560 Remote DOS
>
>
> Hello list,
>
>     I have found a vulnerability with Nokia's 3560 cellular 
> phone, in which anyone may remotely crash the phone's OS, 
> requiring the user to disconnect the battery to restore 
> normal functionality.  The attack only requires sending the 
> person a specially crafted text message.  This can be done 
> very easily via e-mail or from any capable cell phone.  
>
> I have only tested this on the 3560, but other models may be 
> vulnerable as well.  
>
> During the attack, the phone does not emit a "new message" 
> tone, and the message does not get stored in phone after 
> rebooting.  Victims have no way of knowing that they have 
> been attacked.
>
> I know this is FD and all, but due to the seriousness of this 
> attack, I would like to notify Nokia before posting full details. 
>
> Does anyone know of a security contact at Nokia?
>
> -Mark
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html