Vulnerability Development mailing list archives

Re: Nokia 7110 Wap Browser Hole


From: tin () LE ORG (Tin Le)
Date: Thu, 20 Jul 2000 22:31:57 -0700


-----BEGIN PGP SIGNED MESSAGE-----

Well said.  In my day job, I work for a large network firm, and I research
new technology, wireless in particular.  The more I learn about WAP, the
more I dislike it.  IMHO, it's a re-inventing of the wheel, without learning
from the previous lessons of TCP/IP or the web.  I could go on grrrr. :-)

Anyway, to fill in some of your comments.

> and then posted to popular web sites which host both HTML and WML code.  I don't
> know how much confidence checking the WAP gateway box does on incoming WML code.

Most WAP gateways I've played with do not do validation of WML; they simply
"compile" textual WML into binary format (WMLC) to reduce the size before
sending it on to the browser.  If a web site has already pre-compiled the file
into WMLC, the WAP gateway will simply pass it straight through.

As for WMLScript, since it is based on JavaScript, all the holes in
JavaScript are probably also possible in WMLScript.

> It does parse out unnecessary HTML labels as a matter of course to reduce

You must be thinking of Nokia's gw (the only one I know that has this;
there may be others now).  The Nokia WAP gw will do on-the-fly conversion
from HTML to WML, but it's done in a very simplistic way.  It just
strips out all graphics and reduces complex tags, such as tables and so
on, down to simple elements.  However, not all WAP gws offer this feature.

> A fledgling security firm looking for a market niche might do well to investigate
> WAP.  If you are looking for areas to study, you might want to take a look at
> the WAP specs and white papers maintained at the WAP Forum
> http://www.wapforum.com/what/technical.htm.  There's one spec on WAP WMLScript
> crypto APIs, and another on the WAP Wireless Transport Layer Security
> Specification.

It's fertile ground here folks.  Someone has already found an attack on
WTLS, look at http://www.jyu.fi/~mjos/

> The wireless phone industry believes that by 2003 more people will be surfing
> the net (in a limited way) and doing e-commerce through their cell phones than
> by PCs.  The WAP stuff has got to work.  I think now would be a good time to get
> the bugs identified and eliminated.

Yes, there is still a lot of work to be done to fix the problems in WAP.

Tin Le
- ----
http://tin.le.org
Tin Le - tin () le org
Firewall and Security Consulting

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBOXfgTBiIIbPkDHhBAQFfAAP+IsyoDvJbo0ey4Z8bIMrBL8Bsq1Fwgkh1
ICGY7qsmdxfAlm/VgLr/wRXlqO+b76WivoT4uPqh1AuayJPMMiQok/d5anD4vsa+
70IA5ShqGOhedEXxDTctR3RdZOUgmKxtallYzrvvmkeRJLuu17dcXwOVMc0YHfj6
FLFDadfQupE=
=NKV9
-----END PGP SIGNATURE-----
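The message above notes that a gateway handed a pre-compiled WMLC deck passes it straight to the handset without validation. The following is an added example, not code from the original post or from any WAP gateway vendor, of the kind of structural check a gateway could run on the WBXML encoding before forwarding: it parses the header, bounds-checks the string table, walks the element/text tokens with a nesting stack, and rejects truncated strings, dangling references and unclosed elements. The WBXML global tokens and the WML 1.1 tag tokens in the table are written from memory and are assumptions here; attribute decoding and the extension/literal tokens are rejected as unsupported rather than guessed at. The sample decks are constructed, not captured traffic.

```python
# Added example (not from the original post): structural validator for
# WBXML-encoded WML (WMLC).  Token values are assumptions based on the
# WBXML 1.x / WML 1.1 tables; attribute tokens are rejected, not decoded.

WBXML_SWITCH_PAGE, WBXML_END, WBXML_ENTITY = 0x00, 0x01, 0x02
WBXML_STR_I, WBXML_STR_T, WBXML_OPAQUE = 0x03, 0x83, 0xC3
MAX_DEPTH = 32   # a real deck nests a handful of levels; cap it anyway

# WML 1.1 tag tokens, code page 0 (subset; assumed values for this example)
WML_TAGS = {
    0x3F: "wml", 0x27: "card", 0x20: "p", 0x28: "do", 0x2B: "go",
    0x1C: "a", 0x22: "anchor", 0x26: "br", 0x2E: "img", 0x2F: "input",
    0x37: "select", 0x35: "option", 0x3B: "template", 0x3C: "timer",
}


class WmlcError(ValueError):
    """Any structural defect found in the encoded deck."""


def read_mb_uint32(data, pos):
    """WBXML multi-byte unsigned int: 7 bits per byte, high bit set on all
    but the last byte, at most 5 bytes.  Returns (value, new_pos)."""
    value = 0
    for _ in range(5):
        if pos >= len(data):
            raise WmlcError("truncated multi-byte integer at offset %d" % pos)
        b = data[pos]
        pos += 1
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            return value, pos
    raise WmlcError("multi-byte integer longer than 5 bytes")


def parse_wmlc(data):
    """Walk header and body with bounds and nesting checks; return the header
    fields, the element names in document order and the inline text."""
    if len(data) < 4:
        raise WmlcError("shorter than a WBXML header")
    version = data[0]
    if version not in (0x01, 0x02, 0x03):          # WBXML 1.1 / 1.2 / 1.3
        raise WmlcError("unsupported WBXML version byte 0x%02x" % version)
    public_id, pos = read_mb_uint32(data, 1)
    if public_id == 0:                             # id is a string-table index
        _, pos = read_mb_uint32(data, pos)
    charset, pos = read_mb_uint32(data, pos)
    strtbl_len, pos = read_mb_uint32(data, pos)
    if pos + strtbl_len > len(data):
        raise WmlcError("string table length %d runs past end of data" % strtbl_len)
    strtbl = data[pos:pos + strtbl_len]
    pos += strtbl_len

    elements, texts, stack = [], [], []
    while pos < len(data):
        tok = data[pos]
        pos += 1
        if tok == WBXML_SWITCH_PAGE:
            if pos >= len(data) or data[pos] != 0:
                raise WmlcError("code page switch away from page 0 is not WML")
            pos += 1
        elif tok == WBXML_END:
            if not stack:
                raise WmlcError("END with no open element at offset %d" % (pos - 1))
            stack.pop()
        elif tok == WBXML_STR_I:                   # inline NUL-terminated text
            nul = data.find(b"\x00", pos)
            if nul < 0:
                raise WmlcError("unterminated inline string at offset %d" % pos)
            texts.append(data[pos:nul].decode("utf-8", "replace"))
            pos = nul + 1
        elif tok == WBXML_STR_T:                   # reference into string table
            off, pos = read_mb_uint32(data, pos)
            nul = strtbl.find(b"\x00", off) if off < strtbl_len else -1
            if nul < 0:
                raise WmlcError("string table reference %d outside table" % off)
            texts.append(strtbl[off:nul].decode("utf-8", "replace"))
        elif tok == WBXML_ENTITY:
            _, pos = read_mb_uint32(data, pos)
        elif tok == WBXML_OPAQUE:
            n, pos = read_mb_uint32(data, pos)
            if pos + n > len(data):
                raise WmlcError("opaque block runs past end of data")
            pos += n
        elif (tok & 0x3F) < 0x05:                  # LITERAL*, EXT_*, PI ...
            raise WmlcError("unsupported global token 0x%02x" % tok)
        else:                                      # element tag
            name = WML_TAGS.get(tok & 0x3F)
            if name is None:
                raise WmlcError("unknown WML tag token 0x%02x" % (tok & 0x3F))
            if tok & 0x80:
                raise WmlcError("<%s> carries attributes (not decoded here)" % name)
            if not stack and (name != "wml" or elements):
                raise WmlcError("<%s> outside the single <wml> root" % name)
            elements.append(name)
            if tok & 0x40:                         # has content: an END must follow
                if len(stack) >= MAX_DEPTH:
                    raise WmlcError("nesting deeper than %d" % MAX_DEPTH)
                stack.append(name)
    if stack:
        raise WmlcError("unclosed elements at end of data: %s" % "/".join(stack))
    if not elements:
        raise WmlcError("no root element")
    return {"version": version, "public_id": public_id, "charset": charset,
            "elements": elements, "texts": texts}


def check_wmlc(data):
    """Gateway-side check: None if structurally sound, else the reason."""
    try:
        parse_wmlc(data)
        return None
    except WmlcError as e:
        return str(e)


# Constructed sample decks.  GOOD_DECK is <wml><card><p>Hello</p></card></wml>:
# WBXML 1.1, public id 4 (WML 1.1), charset 106 (UTF-8), empty string table.
GOOD_DECK = (bytes([0x01, 0x04, 0x6A, 0x00, 0x7F, 0x67, 0x60, 0x03])
             + b"Hello\x00" + bytes([0x01, 0x01, 0x01]))
BAD_UNTERMINATED = GOOD_DECK[:8] + b"Hello"          # no NUL, no END tokens
BAD_STRTBL = bytes([0x01, 0x04, 0x6A, 0x64])          # claims 100-byte table
BAD_UNCLOSED = GOOD_DECK[:-1]                         # one END too few
BAD_STRT_REF = bytes([0x01, 0x04, 0x6A, 0x00, 0x7F, 0x67, 0x60,
                      0x83, 0x05, 0x01, 0x01, 0x01])  # STR_T into empty table

if __name__ == "__main__":
    for label, deck in [("good", GOOD_DECK), ("unterminated", BAD_UNTERMINATED),
                        ("strtbl", BAD_STRTBL), ("unclosed", BAD_UNCLOSED),
                        ("strt_ref", BAD_STRT_REF)]:
        print("%-12s %s" % (label, check_wmlc(deck) or "ok"))
```

A deck that fails any of these checks should be dropped or re-encoded at the gateway rather than forwarded, since the handset's decoder is the party least able to cope with a malformed stream. Extending the check to attributes would mean decoding the attribute-start and attribute-value token tables for the code page, which this example deliberately leaves out.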

