Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Nokia 3560 Remote DOS
From: "Mark Laurence" <m.laurence () groveindependentschool co uk>
Date: Thu, 8 Jul 2004 10:59:14 +0100

 http://www.auscert.org.au/render.html?it=2795&cid=1

Similar vuln on the 6210 was discovered a while back

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Milan 't4c' Berger
Sent: 08 July 2004 10:26
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Nokia 3560 Remote DOS

You can get updates for money.
Here in germany you pay about 20 Euro for updating firmware, 
but like old bugs told us, Nokia doesn't really care about 
there mistakes.


Regards,
     Milan


Kane Lightowler wrote:
Even if Nokia does find this out first there is not to much 
they can do.

They can create a fix for a new firmware edition that will 
ship in new models but most models that are out in the public 
already will never get a firmware update.


Regards,
Kane


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of
marklist () comcast net
Sent: Thursday, July 08, 2004 1:43 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Nokia 3560 Remote DOS


Hello list,

   I have found a vulnerability with Nokia's 3560 cellular 
phone, in which anyone may remotely crash the phone's OS, 
requiring the user to disconnect the battery to restore 
normal functionality.  The attack only requires sending the 
person a specially crafted text message.  This can be done 
very easily via e-mail or from any capable cell phone.  

I have only tested this on the 3560, but other models may be 
vulnerable as well.  

During the attack, the phone does not emit a "new message" 
tone, and the message does not get stored in phone after 
rebooting.  Victims have no way of knowing that they have 
been attacked.

I know this is FD and all, but due to the seriousness of this 
attack, I would like to notify Nokia before posting full details. 

Does anyone know of a security contact at Nokia?

-Mark

-- 
Milan 't4c' Berger
Network & Security Administrator
21073 Hamburg

gpg: http://www.ghcif.de/keys/t4c.asc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
 


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]