[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Nokia 3560 Remote DOS

To: "'Milan 't4c' Berger'" <t4c@xxxxxxxx>
Subject: RE: [Full-Disclosure] Nokia 3560 Remote DOS
From: "Mark Laurence" <m.laurence@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 8 Jul 2004 10:59:14 +0100

 http://www.auscert.org.au/render.html?it=2795&cid=1

Similar vuln on the 6210 was discovered a while back

> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of 
> Milan 't4c' Berger
> Sent: 08 July 2004 10:26
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] Nokia 3560 Remote DOS
> 
> You can get updates for money.
> Here in germany you pay about 20 Euro for updating firmware, 
> but like old bugs told us, Nokia doesn't really care about 
> there mistakes.
> 
> 
> Regards,
>      Milan
> 
> 
> Kane Lightowler wrote:
> > Even if Nokia does find this out first there is not to much 
> they can do.
> > 
> > They can create a fix for a new firmware edition that will 
> ship in new models but most models that are out in the public 
> already will never get a firmware update.
> > 
> > 
> > Regards,
> > Kane
> > 
> > 
> >>-----Original Message-----
> >>From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> >>[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of
> >>marklist@xxxxxxxxxxx
> >>Sent: Thursday, July 08, 2004 1:43 PM
> >>To: full-disclosure@xxxxxxxxxxxxxxxx
> >>Subject: [Full-Disclosure] Nokia 3560 Remote DOS
> >>
> >>
> >>Hello list,
> >>
> >>    I have found a vulnerability with Nokia's 3560 cellular 
> >>phone, in which anyone may remotely crash the phone's OS, 
> >>requiring the user to disconnect the battery to restore 
> >>normal functionality.  The attack only requires sending the 
> >>person a specially crafted text message.  This can be done 
> >>very easily via e-mail or from any capable cell phone.  
> >>
> >>I have only tested this on the 3560, but other models may be 
> >>vulnerable as well.  
> >>
> >>During the attack, the phone does not emit a "new message" 
> >>tone, and the message does not get stored in phone after 
> >>rebooting.  Victims have no way of knowing that they have 
> >>been attacked.
> >>
> >>I know this is FD and all, but due to the seriousness of this 
> >>attack, I would like to notify Nokia before posting full details. 
> >>
> >>Does anyone know of a security contact at Nokia?
> >>
> >>-Mark
> 
> -- 
> Milan 't4c' Berger
> Network & Security Administrator
> 21073 Hamburg
> 
> gpg: http://www.ghcif.de/keys/t4c.asc
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
>  
> 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Nokia 3560 Remote DOS
  - From: Milan 't4c' Berger

Prev by Date: [Full-Disclosure] Fw: Funny Ass
Next by Date: [Full-Disclosure] Opera 7.52 (Build 3834) Address Bar Spoofing Issue
Previous by thread: Re: [Full-Disclosure] Nokia 3560 Remote DOS
Next by thread: Re: [Full-Disclosure] Nokia 3560 Remote DOS
Index(es):
- Date
- Thread