mailing list archives
Re: Nokia 3560 Remote DOS
From: "Milan 't4c' Berger" <t4c () ghcif de>
Date: Thu, 08 Jul 2004 11:26:05 +0200
You can get updates for money.
Here in germany you pay about 20 Euro for updating firmware, but like
old bugs told us, Nokia doesn't really care about there mistakes.
Kane Lightowler wrote:
Even if Nokia does find this out first there is not to much they can do.
They can create a fix for a new firmware edition that will ship in new models but most models that are out in the
public already will never get a firmware update.
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of
marklist () comcast net
Sent: Thursday, July 08, 2004 1:43 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Nokia 3560 Remote DOS
I have found a vulnerability with Nokia's 3560 cellular
phone, in which anyone may remotely crash the phone's OS,
requiring the user to disconnect the battery to restore
normal functionality. The attack only requires sending the
person a specially crafted text message. This can be done
very easily via e-mail or from any capable cell phone.
I have only tested this on the 3560, but other models may be
vulnerable as well.
During the attack, the phone does not emit a "new message"
tone, and the message does not get stored in phone after
rebooting. Victims have no way of knowing that they have
I know this is FD and all, but due to the seriousness of this
attack, I would like to notify Nokia before posting full details.
Does anyone know of a security contact at Nokia?
Milan 't4c' Berger
Network & Security Administrator
Full-Disclosure - We believe in it.
RE: Nokia 3560 Remote DOS Kane Lightowler (Jul 08)