Vulnerability Development mailing list archives
Re: Nokia 7110 Wap Browser Hole
From: tin () LE ORG (Tin Le)
Date: Thu, 20 Jul 2000 22:31:57 -0700
Well said. In my day job, I work for a large network firm, and I research new technology, wireless in particular. The more I learn about WAP, the more I dislike it. IMHO, it's a re-inventing of the wheel, without learning from the previous lessons of TCP/IP or the web. I could go on grrrr. :-) Anyway, to fill in some of your comments.
and then posted to popular web sites which host both HTML and WML code. I don't know how much confidence checking the WAP gateway box does on incoming WML code.
Most WAP gateways I've played with do not do validation of WML; they simply "compile" textual WML into binary format (WMLC) to reduce the size before sending it on to the browser. If a web site already pre-compiled the file into WMLC, the WAP gateway will simply pass it straight through. As for WMLScript, since it is based on JavaScript, all the holes in JavaScript are probably also possible in WMLScript.
It does parse out unnecessary HTML labels as a matter of course to reduce
You must be thinking of Nokia's gw (the only one I know that has this, there may be others now). Nokia WAP gw will do on-the-fly conversion from HTML to WML. But it's done in a very simplistic way. It's just stripping out all graphics, reducing complex tags, such as table and so on, down to simple elements. However, not all WAP gws offer this feature.
A fledgling security firm looking for a market niche might do well to investigate WAP. If you are looking for areas to study, you might want to take a look at the WAP specs and white papers maintained at the WAP Forum http://www.wapforum.com/what/technical.htm. There's one spec on WAP WMLScript crypto APIs, and another on the WAP Wireless Transport Layer Security Specification.
It's fertile ground here folks. Someone has already found an attack on WTLS, look at http://www.jyu.fi/~mjos/
The wireless phone industry believes that by 2003 more people will be surfing the net (in a limited way) and doing e-commerce through their cell phones than by PCs. The WAP stuff has got to work. I think now would be a good time to get the bugs identified and eliminated.
Yes, there is still a lot of work to be done to fix the problems in WAP.

Tin Le
----
http://tin.le.org Tin Le - tin () le org
Firewall and Security Consulting
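The message above says gateways compile textual WML without validating it and pass pre-compiled WMLC straight through. The following is an added example, not part of the original message and not code from any gateway product: a minimal screening step a gateway could run before either path. The function names, the element allow-list as policy, and the sample inputs are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Element names of WML 1.1; using them as an allow-list is this example's policy.
WML_ELEMENTS = set("""wml head template card access meta do onevent postfield
go prev refresh noop setvar select optgroup option input fieldset timer img
anchor a table tr td em strong b i u big small p br""".split())
# WBXML public-identifier codes for the WML 1.0, 1.1, 1.2 and 1.3 DTDs.
WML_PUBLIC_IDS = {0x02, 0x04, 0x09, 0x0A}

def check_wml_text(body: bytes) -> list:
    """Problems found in a textual deck; an empty list means compile it."""
    if b"<!ENTITY" in body:              # refuse origin-supplied entity declarations
        return ["entity declaration in deck"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = [] if root.tag == "wml" else [f"root is <{root.tag}>, not <wml>"]
    unknown = sorted({el.tag for el in root.iter()} - WML_ELEMENTS)
    return problems + [f"unknown element <{tag}>" for tag in unknown]

def check_wmlc_header(body: bytes) -> list:
    """Header-only sanity check of a pre-compiled (WBXML) deck."""
    if len(body) < 4:                    # version, public id, charset, strtbl length
        return ["too short for a WBXML header"]
    problems = []
    if body[0] > 0x03:                   # version byte: WBXML 1.0 to 1.3
        problems.append(f"unexpected WBXML version byte 0x{body[0]:02x}")
    if body[1] not in WML_PUBLIC_IDS:
        problems.append(f"public id 0x{body[1]:02x} is not a WML DTD")
    return problems

def screen(content_type: str, body: bytes) -> list:
    """Gateway-side screening by media type; other types are out of scope here."""
    media = content_type.split(";")[0].strip().lower()
    if media == "text/vnd.wap.wml":
        return check_wml_text(body)
    if media == "application/vnd.wap.wmlc":
        return check_wmlc_header(body)
    return []

# Constructed sample inputs.
GOOD_DECK = b'<?xml version="1.0"?><wml><card id="c1"><p>hello</p></card></wml>'
BAD_DECK = b'<wml><card id="c1"><script>x</script></card></wml>'
GOOD_WMLC = bytes([0x01, 0x04, 0x6A, 0x00, 0x7F, 0x01])  # header + stub body
```

The WMLC check looks only at the header; screening the body would require decoding the WBXML token stream against the WML token tables.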