Full Disclosure mailing list archives
RE: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
From: "Paul Kurczaba" <seclists () securinews com>
Date: Mon, 24 Jan 2005 14:42:50 -0500
Wouldn't the phone try to open the jpg file as a picture, and not execute it. Just like on desktop PCs: if you rename a .exe (application/program) to a jpg (picture file), and try to open the file, your image program will open the file, thinking it is a image file. The application code will not be executed. -----Original Message----- From: full-disclosure-bounces () lists netsys com [mailto:full-disclosure-bounces () lists netsys com] On Behalf Of rohit () kritikalsolutions com Sent: Monday, January 24, 2005 12:01 AM To: bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: [Full-disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Hi, I forwarded this bug to Nokia security group, they believe it is a feature and not a bug. Whats your opinion?
1. By default, executable files cannot be transferred (many mobile game companies probably earn their bread because games are not transferrable from one phone to the next). But if you rename the file (install file) to any extension such as jpg or an unknown extension, it can be transferred! So if i need to transfer a virus, all i need to do is rename the file to some jpg extension and and transfer it! 2. When series 60 OS receives such a file, it executes it immediately. For example, in case a MMS message comes with a picture or an installer attachment, Nokia would immediately start running the attachment. This is a major design flaw. Imagine a virus, renamed as a .jpg (mobile wall paper) is downloaded by users on p2p networks or from a website or can come from a friend. Virus installs itself and than shows a jpg file, so user does not suspect anything, while he is now infected. This is than sent to everyone in the address book, who again just see the wall paper after a prompt, while the virus has installed itself. The first problem can be used to exchange mobile games and ring tones for free. When you try to transfer the same without renaming, the OS does not allow transferring them. Thanks Rohit Dube New Delhi. Nokia response to both the problems follows: Hi Rohit, Sorry for the delay answering back to you. About your findings, the first one with sending files after changing the extension is a known limitation of the current implementation. We also implement OMA DRM 2 which will work as expected in such situations. The second one is also know feature, the file type is not determinated from the extension but from the content of the file. So a sis package renamed to an jpeg file still looks from the inside as a sis package and so the user is prompted for installation. Thank you again for your report. tatu
-----Original Message----- From: ext rohit () kritikalsolutions com [mailto:rohit () kritikalsolutions com] Sent: Tuesday, January 18, 2005 04:17 To: Mannisto Tatu (Nokia-TP-PST/Tampere); Ahlberg Janne (Nokia-M/Tampere) Subject: RE: series 60 os auto executes files Hi Tatu, Janne, Any information on this vulnerability? Can you please confirm your findings and send me an update on when should I/we disclose it? Thanks Rohit
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS rohit (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS KF (lists) (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Valdis . Kletnieks (Jan 24)
- RE: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Paul Kurczaba (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Thierry Zoller (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS Anders Langworthy (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS dk (Jan 24)
- Re: 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS KF (lists) (Jan 24)