Vulnerability Development mailing list archives
Re: Nokia 7110 Wap Browser Hole
From: 11a () GMX NET (Bluefish)
Date: Sat, 22 Jul 2000 01:19:51 +0200
I am not a specialist in WAP and underlying protocols, but AFAIK there is _no_ IP in this stack and phones _do not_ have IP addresses - their connectivity to wap servers is done via WAP gateways (which have IP because they have to connect to wap servers, of course). Those gateways act as network-layer gateways, converting some GSM bearer protocols into TCP/IP. Phones itself have only so-called MSISDN (Mobile Subscriber ISDN).
I've a limited knowledge of these 2.5G phones, maybe you are right. Or maybe both are right - perhaps it tunnels something over MSISDN. Never assume technical solutions to be intelligent ;) However, for 3G phones will be TCP/IP:ed. According to what I've read 3G will be using IP v6 (maybe some IP v4 in the beginning though) and SIP etc. TCP/IP is the core of 3G, the final move towards a standarized enviroment not based upon what curcuits which happends to be in favor today.
So i am very curious on what address you scanned to get the phone hung - it really is very interesting.
As a minor note; Roelof Temmingh <roelof () SENSEPOST COM> post seems to make it clear that even on these 2.5G phones TCP/IP is in use (IP v4 I guess). My greatest objection is that it seems to be hard to update operating system and browser on the phones. If you learn that your trusted computing base is flawed, you cannot fix it. I don't think you can invent a worse flaw than that. A flaw in a wap browser is a hundred times worse than a flaw in HTML browser for normal computers because of that. Perhaps they want you to constantly by a new phone in order to be recently secure.... Or does anyone have an idea of how to update this? Does a manual to these phones say anything about it? (off-topic question:) can netscape (or any other browser for windows or linux) read wml pages? any wap site anyone can direct me to? ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: Nokia 7110 Wap Browser Hole, (continued)
- Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 18)
- Re: Nokia 7110 Wap Browser Hole Juan M. Courcoul (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Bojan Zdrnja (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 18)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Roelof Temmingh (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Dave O Connor (Jul 21)
- Réf. : HELP with IE Network Problem... Francois.Perreault () VMD DESJARDINS COM (Jul 21)
- Re: HELP with IE Network Problem... Slawek (Jul 23)
- Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 27)
- Re: Nokia WAP server. Tin Le (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)