Siemens *35 and 45 series phones SMS Danial of Service

[subj subj <r2subj3ct () dwclan org>]

Information:

    The name of vulnerability: Siemens *35-45 DoS SMS Lag
 To vulnerability are subject: All versions siemens *35 and *45.
                Official site: www.siemens-mobile.com
        Kind of vulnerability: Refusal in Service (Denial of Service).
        Type of vulnerability: Removed / local.
                       Author: subj (r2subj3ct () dwcgr0up com)
                         Date: 02.03.2003
                         Site: www.dwcgr0up.com

Description of vulnerability:

 There is a local and remote vulnerability and
 Siemens *35 and *45 series phones.

 A message of the form "%String", where String is on of the
 languages from the phone language selection menu, will
 completely disable *35 series phones and result
 in a 2 minute read delay on *45 series phones. Note that
 the first letter of language should be capitalized and
 the quotation marks should be present in the message.

The phone will try to read the message and then after 2 minutes
 return to the main menu. This happens every time the message is sent.
 After 10-15 messages the battery (NiMH) gets empty.
 
There is a local vulnerability of the same kind. A message of the
 form "%some_word", where some_word is any lower case letter
 sequence will result in the same effects described above.

Vulnerability exploiting:

 (for remote): 
 We send on "phone - victim" the message:
   "%Deutsch"
 Or
   "%Polski" "%Magyar" "%English" "%Deutsch"
 (for local):
   "testedersecurity"

Thanks:
 DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp
 l0bster, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, dron 
(Ivanov Andrey)