Vulnerability Development mailing list archives
Re: Nokia 7110 Wap Browser Hole
From: bhayes () UNLNOTES UNL EDU (bhayes () UNLNOTES UNL EDU)
Date: Thu, 20 Jul 2000 15:22:19 -0500
I recently did an article for Smart Computing on WAP devices. There are several areas which mightbe vulnerable to DoS or exploitation: the WAP gateway box which interfaces the wireless net with the rest of the Internet, the WAP application server, and the WAP browser itself. Exploits could be written using WML code and then posted to popular web sites which host both HTML and WML code. I don't know how much confidence checking the WAP gateway box does on incoming WML code. It does parse out unnecessary HTML labels as a matter of course to reduce bandwidth useage. Beyond that bit, my knowedge of WAP technology gets fuzzy. In my current job there's no pressing need for me to go much further. A fledgling security firm looking for a market niche might do well to investiage WAP. If you are looking for areas to study, you might want to take a look at the WAP specs and white papers maintained at the WAP Forum http://www.wapforum.com/what/technical.htm. There's one spec on WAP WMLScript crypto APIs, and another on the WAP Wireless Transport Layer Security Specification. Of all my sources, Nokia seemed to be the most forthcoming and confident about the technology. Several vendors furnished jpegs of their WAP-enabled wireless phones, but little else. Microsoft did seem very upbeat about their Windows CE smart phones which are being marketed in Euope. Considering how open Windows has proved, that would be a fruitful area of study. I believe Sony and Benefon are the two manufacturers using the Windows CE technology. The wireless phone industry believes that by 2003 more people will be surfing the net (in a limited way) and doing e-commerce through their cell phones than by PCs. The WAP stuff has got to work. I think now would be a good time to get the bugs identified and eliminated. Bill... William Hayes, Computer Specialist, Communications & Information Technology Network Security Consultant, Information Services Networking & Ops Center University of Nebraska Lincoln, 201 Miller Hall, Lincoln NE 68583-0713 E-mail: whayes1 () unl edu
Current thread:
- Re: Nokia 7110 Wap Browser Hole, (continued)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Roelof Temmingh (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Dave O Connor (Jul 21)
- Réf. : HELP with IE Network Problem... Francois.Perreault () VMD DESJARDINS COM (Jul 21)
- Re: HELP with IE Network Problem... Slawek (Jul 23)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 27)
- Re: Nokia WAP server. Tin Le (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)