[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Nokia 3560 Remote DOS
- To: <marklist@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] Nokia 3560 Remote DOS
- From: "Kane Lightowler" <Kane@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 8 Jul 2004 15:06:55 +1000
Even if Nokia does find this out first there is not to much they can do.
They can create a fix for a new firmware edition that will ship in new models
but most models that are out in the public already will never get a firmware
update.
Regards,
Kane
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of
> marklist@xxxxxxxxxxx
> Sent: Thursday, July 08, 2004 1:43 PM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: [Full-Disclosure] Nokia 3560 Remote DOS
>
>
> Hello list,
>
> I have found a vulnerability with Nokia's 3560 cellular
> phone, in which anyone may remotely crash the phone's OS,
> requiring the user to disconnect the battery to restore
> normal functionality. The attack only requires sending the
> person a specially crafted text message. This can be done
> very easily via e-mail or from any capable cell phone.
>
> I have only tested this on the 3560, but other models may be
> vulnerable as well.
>
> During the attack, the phone does not emit a "new message"
> tone, and the message does not get stored in phone after
> rebooting. Victims have no way of knowing that they have
> been attacked.
>
> I know this is FD and all, but due to the seriousness of this
> attack, I would like to notify Nokia before posting full details.
>
> Does anyone know of a security contact at Nokia?
>
> -Mark
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html