Vulnerability Development mailing list archives

Re: Nokia 7110 Wap Browser Hole


From: bhayes () UNLNOTES UNL EDU (bhayes () UNLNOTES UNL EDU)
Date: Thu, 20 Jul 2000 15:22:19 -0500


I recently did an article for Smart Computing on WAP devices.  There are several
areas which might be vulnerable to DoS or exploitation: the WAP gateway box which
interfaces the wireless net with the rest of the Internet, the WAP application
server, and the WAP browser itself.  Exploits could be written using WML code
and then posted to popular web sites which host both HTML and WML code.  I don't
know how much confidence checking the WAP gateway box does on incoming WML code.
It does parse out unnecessary HTML labels as a matter of course to reduce
bandwidth usage.  Beyond that bit, my knowledge of WAP technology gets fuzzy.
In my current job there's no pressing need for me to go much further.

A fledgling security firm looking for a market niche might do well to investigate
WAP.  If you are looking for areas to study, you might want to take a look at
the WAP specs and white papers maintained at the WAP Forum
http://www.wapforum.com/what/technical.htm.  There's one spec on WAP WMLScript
crypto APIs, and another on the WAP Wireless Transport Layer Security
Specification.

Of all my sources, Nokia seemed to be the most forthcoming and confident about
the technology.  Several vendors furnished jpegs of their WAP-enabled wireless
phones, but little else.  Microsoft did seem very upbeat about their Windows CE
smart phones which are being marketed in Europe.  Considering how open Windows
has proved, that would be a fruitful area of study. I believe Sony and Benefon
are the two manufacturers using the Windows CE technology.

The wireless phone industry believes that by 2003 more people will be surfing
the net (in a limited way) and doing e-commerce through their cell phones than
by PCs.  The WAP stuff has got to work.  I think now would be a good time to get
the bugs identified and eliminated.

Bill...

William Hayes, Computer Specialist, Communications & Information Technology
Network Security Consultant, Information Services Networking & Ops Center
University of Nebraska Lincoln,   201 Miller Hall, Lincoln NE 68583-0713
E-mail: whayes1 () unl edu

