Full Disclosure mailing list archives

RE: Nokia 3560 Remote DOS


From: "Mark Laurence" <m.laurence () groveindependentschool co uk>
Date: Thu, 8 Jul 2004 10:59:14 +0100

 http://www.auscert.org.au/render.html?it=2795&cid=1

Similar vuln on the 6210 was discovered a while back

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Milan 't4c' Berger
Sent: 08 July 2004 10:26
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Nokia 3560 Remote DOS

You can get updates for money.
Here in Germany you pay about 20 Euro for updating firmware, 
but like old bugs told us, Nokia doesn't really care about 
their mistakes.


Regards,
     Milan


Kane Lightowler wrote:
Even if Nokia does find this out first there is not too much 
they can do.

They can create a fix for a new firmware edition that will 
ship in new models but most models that are out in the public 
already will never get a firmware update.


Regards,
Kane


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of
marklist () comcast net
Sent: Thursday, July 08, 2004 1:43 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Nokia 3560 Remote DOS


Hello list,

   I have found a vulnerability with Nokia's 3560 cellular 
phone, in which anyone may remotely crash the phone's OS, 
requiring the user to disconnect the battery to restore 
normal functionality.  The attack only requires sending the 
person a specially crafted text message.  This can be done 
very easily via e-mail or from any capable cell phone.  

I have only tested this on the 3560, but other models may be 
vulnerable as well.  

During the attack, the phone does not emit a "new message" 
tone, and the message does not get stored in the phone after 
rebooting.  Victims have no way of knowing that they have 
been attacked.

I know this is FD and all, but due to the seriousness of this 
attack, I would like to notify Nokia before posting full details. 

Does anyone know of a security contact at Nokia?

-Mark

-- 
Milan 't4c' Berger
Network & Security Administrator
21073 Hamburg

gpg: http://www.ghcif.de/keys/t4c.asc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
