Vulnerability Development mailing list archives

Re: Nokia 7110 Wap Browser Hole

From: 11a () GMX NET (Bluefish)
Date: Wed, 19 Jul 2000 00:45:33 +0200


To begin with, I don't follow the "off-topic" comments, why would this be
off-topic? Or the previous post about Nokia?

To continue being of topic, most wap phones hangs when being portscanned,
including most nokia 7110's. But since you need the ad of the phone when
it's connected to the net, and this can be pretty tricky to get most people
should not be to worried.


It's hardly acceptable that these products contains numerous security bugs
(which I'm starting to suspect, this bug should have been uncovered during
normal testing procedures!)

Just because we TODAY don't know what the problem would be with bad
products, when we loose these "2.5 G" products and take the step toward 3G
and, if the marketing people are right, 3G phones/terminals becomes the
number one used internet connection, we can't have these kind of troubles.

And as to how to locate people... Look at how it is done today, on the
"real" web/internet. Rule #1 is not to trust public networks. A service
such as ICQ or Hotmail, or the site you use, something will eventually
give your IP away. Or some scriptkid will simply blast the entire WAP-ISP
provider away with some phone-nuke.

Security bugs must be fixed. Anyone with experience of upgrading a phone?
how hard is it to replace "bios" and wap-browser with newer versions?

Finally, these problems are *not* merely with Nokias phones, a recent test
of wap-terminals in Ny Teknik (translates to New Technology/Science, a
really high quality magazined aimed at engineers and students, available
at www.nyteknik.se) revealed that even none-malicious code can hang todays
wap-phones needing hardware resets. From somewhat lose reading I got the
feeling that Ericsson came out worst in the test, but all phones were
pretty buggy. And Ericsson probably will get back with better products,
Sweden simply got to win ;-)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

Current thread:

Re: Nokia 7110 Wap Browser Hole Tink (Jun 20)
- <Possible follow-ups>
- Re: Nokia 7110 Wap Browser Hole Kristjan Kristinsson (Jul 17)
  - volcheck and sol 8 Matthew Potter (Jul 18)
  - Re: Nokia 7110 Wap Browser Hole Ralph Moonen (Jul 18)
  - Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 18)
    - Re: Nokia 7110 Wap Browser Hole Juan M. Courcoul (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Bojan Zdrnja (Jul 21)
  - Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Roelof Temmingh (Jul 20)
    - Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 21)
    - Re: Nokia 7110 Wap Browser Hole Dave O Connor (Jul 21)
    - Réf. : HELP with IE Network Problem... Francois.Perreault () VMD DESJARDINS COM (Jul 21)
    - Re: HELP with IE Network Problem... Slawek (Jul 23)
    - Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 21)

(Thread continues...)