Vulnerability Development mailing list archives
Re: Nokia 7110 Wap Browser Hole
From: Tin Le <tin () LE ORG>
Date: Mon, 24 Jul 2000 23:11:23 -0700
-----BEGIN PGP SIGNED MESSAGE----- I started answering but got distracted and then had to travel out of town. This is quick, so sorry for typos. On Sat, 22 Jul 2000, Bluefish wrote:
I am not a specialist in WAP and underlying protocols, but AFAIK there is _no_ IP in this stack and phones _do not_ have IP addresses - their connectivity to wap servers is done via WAP gateways (which have IP because they have to connect to wap servers, of course). Those gateways act as network-layer gateways, converting some GSM bearer protocols into TCP/IP. Phones itself have only so-called MSISDN (Mobile Subscriber ISDN).
I've a limited knowledge of these 2.5G phones, maybe you are right. Or maybe both are right - perhaps it tunnels something over MSISDN. Never assume technical solutions to be intelligent ;)
My understanding based on reading the wapforum specs and playing with the phones and gateway is that the current WAP devices uses the WAP protocol (of course). The WAP protocol is a reimplementation of IP over cell bearers, which can be GSM, CDMA, TDMA, SMS, etc. The WAP protocol stack is something like this: Mobile Device---> MS(PPP) -> RAS(PPP) -> Internet(UDP/IP) -> WAP Gateway(WSP/WTP/WTLS/WBXML) -> Internet(TCP/IP) -> WWW Server (HTTP/WML) The link between Mobile device and MS(PPP) is over bearer (GSM, CDMA, etc.)
My greatest objection is that it seems to be hard to update operating system and browser on the phones. If you learn that your trusted computing base is flawed, you cannot fix it. I don't think you can invent a worse flaw than that.
Yes, although I think the trend is that the manuf are learning and newer phones are using flash for their os and browser.
A flaw in a wap browser is a hundred times worse than a flaw in HTML browser for normal computers because of that.
What's worse is that they are reinventing the mouse trap. Instead of using time tested code (html browsers), they went and invent new protocol (WAP) and new tags (WML). And of course have to write new browsers which mean for the next few years, we will have lots of new bugs and security problems. Since WMLScript is based on Javascript, you can be sure that all the existing security holes found with JS will be repeated in the new browsers.
Perhaps they want you to constantly by a new phone in order to be recently secure.... Or does anyone have an idea of how to update this? Does a manual to these phones say anything about it?
I'd love to find out also. I am tempted to just buy the cable to connect my phone to the PC serial port, but it's expensive. Anyone has the schematic for making one and willing to share?
(off-topic question:) can netscape (or any other browser for windows or linux) read wml pages? any wap site anyone can direct me to?
Besides using WAP SDK which comes with WML browsers, you can get the following free plugin for Netscape and IE. It works fairly well. www.m3gate.com They are in Russia, so the link is slow, at least for me. Tin Le - ---- http://tin.le.org Tin Le - tin () le org Firewall and Security Consulting -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAgUBOX0vihiIIbPkDHhBAQHEqQP/R8gfLq/+kFlPDDGv8FXfuublJ05vHPsj gB5vs/PlGS0K/xdrh1KOIn94yP4KtFHEXpKhKJHg6vfTSrDXsxaztAeuqqpj6oyO 6av6iMrQeX5CM7toWmSzpn9AjGjW7qt6WlFoHCePllOwfvq7Pb87i80EGsQWYayw zdazxdt5gqc= =8IBf -----END PGP SIGNATURE-----
Current thread:
- Re: Nokia 7110 Wap Browser Hole, (continued)
- Re: Nokia 7110 Wap Browser Hole Juan M. Courcoul (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Bojan Zdrnja (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Roelof Temmingh (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Vitaly Osipov (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Dave O Connor (Jul 21)
- Réf. : HELP with IE Network Problem... Francois.Perreault () VMD DESJARDINS COM (Jul 21)
- Re: HELP with IE Network Problem... Slawek (Jul 23)
- Re: Nokia 7110 Wap Browser Hole Bluefish (Jul 21)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 27)
- Re: Nokia WAP server. Tin Le (Jul 20)
- Re: Nokia 7110 Wap Browser Hole Tin Le (Jul 20)