[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <EEF9DEFA70456649B701B6B32C4949AE0EAFC1@server1.contentsecurity.com.au>
From: Kane at contentsecurity.com.au (Kane Lightowler)
Subject: Nokia 3560 Remote DOS
Even if Nokia does find this out first there is not to much they can do.
They can create a fix for a new firmware edition that will ship in new models but most models that are out in the public already will never get a firmware update.
Regards,
Kane
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of
> marklist@...cast.net
> Sent: Thursday, July 08, 2004 1:43 PM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Nokia 3560 Remote DOS
>
>
> Hello list,
>
> I have found a vulnerability with Nokia's 3560 cellular
> phone, in which anyone may remotely crash the phone's OS,
> requiring the user to disconnect the battery to restore
> normal functionality. The attack only requires sending the
> person a specially crafted text message. This can be done
> very easily via e-mail or from any capable cell phone.
>
> I have only tested this on the 3560, but other models may be
> vulnerable as well.
>
> During the attack, the phone does not emit a "new message"
> tone, and the message does not get stored in phone after
> rebooting. Victims have no way of knowing that they have
> been attacked.
>
> I know this is FD and all, but due to the seriousness of this
> attack, I would like to notify Nokia before posting full details.
>
> Does anyone know of a security contact at Nokia?
>
> -Mark
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists