Vulnerability Development mailing list archives

Re: Nokia 7110 Wap Browser Hole


From: Tin Le <tin () LE ORG>
Date: Mon, 24 Jul 2000 23:11:23 -0700

I started answering but got distracted and then had to travel out of town.
This is quick, so sorry for typos.

On Sat, 22 Jul 2000, Bluefish wrote:

I am not a specialist in WAP and underlying protocols, but AFAIK there is
_no_ IP in this stack and phones _do not_ have IP addresses - their
connectivity to wap servers is done via WAP gateways (which have IP because
they have to connect to wap servers, of course). Those gateways act as
network-layer gateways, converting some GSM bearer protocols into TCP/IP.
Phones themselves have only so-called MSISDN (Mobile Subscriber ISDN).

I've a limited knowledge of these 2.5G phones, maybe you are right. Or
maybe both are right - perhaps it tunnels something over MSISDN. Never
assume technical solutions to be intelligent ;)

My understanding based on reading the wapforum specs and playing with the
phones and gateway is that the current WAP devices use the WAP protocol
(of course). The WAP protocol is a reimplementation of IP over cell
bearers, which can be GSM, CDMA, TDMA, SMS, etc.

The WAP protocol stack is something like this:

Mobile Device -> MS(PPP) -> RAS(PPP) -> Internet(UDP/IP) ->
  WAP Gateway(WSP/WTP/WTLS/WBXML) -> Internet(TCP/IP) -> WWW Server(HTTP/WML)

The link between Mobile device and MS(PPP) is over bearer (GSM, CDMA, etc.)

My greatest objection is that it seems to be hard to update operating
system and browser on the phones. If you learn that your trusted computing
base is flawed, you cannot fix it. I don't think you can invent a worse
flaw than that.

Yes, although I think the trend is that the manufacturers are learning and
newer phones are using flash for their OS and browser.

A flaw in a wap browser is a hundred times worse than a flaw in HTML
browser for normal computers because of that.

What's worse is that they are reinventing the mousetrap. Instead of
using time-tested code (HTML browsers), they went and invented a new protocol
(WAP) and new tags (WML). And of course they have to write new browsers, which
means for the next few years, we will have lots of new bugs and security
problems.

Since WMLScript is based on JavaScript, you can be sure that all the
existing security holes found with JS will be repeated in the new browsers.

Perhaps they want you to constantly buy a new phone in order to be recently
secure.... Or does anyone have an idea of how to update this? Does a
manual to these phones say anything about it?

I'd love to find out also. I am tempted to just buy the cable to connect
my phone to the PC serial port, but it's expensive. Does anyone have the
schematic for making one and is willing to share?

(off-topic question:) can Netscape (or any other browser for Windows or
Linux) read WML pages? Any WAP site anyone can direct me to?

Besides using the WAP SDK, which comes with WML browsers, you can get the
following free plugin for Netscape and IE. It works fairly well.

www.m3gate.com

They are in Russia, so the link is slow, at least for me.

Tin Le
----
http://tin.le.org
Tin Le - tin () le org
Firewall and Security Consulting

