Bugtraq mailing list archives

Re: Siemens *35 and 45 series phones SMS Denial of Service


From: Robert Waldner <rw () coretec at>
Date: Tue, 04 Mar 2003 09:53:33 +0100


On Mon, 03 Mar 2003 23:46:09 +0100, Jan Niehusmann writes:
> On Mon, Mar 03, 2003 at 01:06:43AM -0000, subj subj wrote:
> > Subject to the vulnerability: all versions of Siemens *35 and *45.
> [...]
> > languages from the phone language selection menu, will
> > completely disable *35 series phones and result
> > in a 2 minute read delay on *45 series phones. Note that
>
> Please note that this vulnerability isn't as serious as you describe it.
> At least on my S45, I am able to interrupt this 2 minute delay at any
> time by pressing the 'hang up' key (but I have to press it for about half a
> second instead of just hitting it), the message can be read by using
> 'edit message' instead of 'read message', and it can be deleted without
> problems.
>
> So while this obviously is a bug, it can hardly be called a DoS.

However, my S35i is _completely_ disabled, just as the original poster 
 described, no luck with just pressing the "hang up"-key, one has to 
 yank the battery out. Also, there is no "Edit Message" available until
 after one reads a message, and thus disables the phone.

Please also note that if you append something to the "%String", the bug 
 no longer hits (for my S35i, that is). Most web->sms - gateways append
 some signature to SMSs, and thus, by sheer luck, can't be used to exploit
 this.

cheers,
&rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <rw () coretec at>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /

