[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS
- From: "Leeuwen, Allan van" <allan.vanleeuwen@xxxxxxxxxxxxx>
- Date: Tue, 25 Jan 2005 09:33:32 +0100
Hi Rohit,
Do you know if series 60 OS is the only affected OS ?
Allan
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxx] On Behalf Of
rohit@xxxxxxxxxxxxxxxxxxxxx
Sent: Monday, January 24, 2005 6:01 AM
To: bugtraq@xxxxxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] 2 vulnerabilities combine to auto execute
received files in Nokia series 60 OS
Hi,
I forwarded this bug to Nokia security group, they believe it is a
feature and not a bug. Whats your opinion?
>>>
1. By default, executable files cannot be transferred (many mobile game
companies probably earn their bread because games are not transferrable
from one phone to the next). But if you rename the file (install file)
to any extension such as jpg or an unknown extension, it can be
transferred! So if i need to transfer a virus, all i need to do is
rename the file to some jpg extension and and transfer it!
2. When series 60 OS receives such a file, it executes it immediately.
For example, in case a MMS message comes with a picture or an installer
attachment, Nokia would immediately start running the attachment. This
is a major design flaw. Imagine a virus, renamed as a .jpg (mobile wall
paper) is downloaded by users on p2p networks or from a website or can
come from a friend. Virus installs itself and than shows a jpg file, so
user does not suspect anything, while he is now infected. This is than
sent to everyone in the address book, who again just see the wall paper
after a prompt, while the virus has installed itself.
The first problem can be used to exchange mobile games and ring tones
for free. When you try to transfer the same without renaming, the OS
does not allow transferring them. Thanks Rohit Dube New Delhi.
Nokia response to both the problems follows:
Hi Rohit,
Sorry for the delay answering back to you.
About your findings, the first one with sending files after changing the
extension is a known limitation of the current implementation. We also
implement OMA DRM 2 which will work as expected in such situations.
The second one is also know feature, the file type is not determinated
from the extension but from the content of the file. So a sis package
renamed to an jpeg file still looks from the inside as a sis package and
so the user is prompted for installation.
Thank you again for your report.
tatu
> -----Original Message-----
> From: ext rohit@xxxxxxxxxxxxxxxxxxxxx
> [mailto:rohit@xxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, January 18, 2005 04:17
> To: Mannisto Tatu (Nokia-TP-PST/Tampere); Ahlberg Janne
> (Nokia-M/Tampere)
> Subject: RE: series 60 os auto executes files
>
>
> Hi Tatu, Janne,
> Any information on this vulnerability? Can you please confirm your
> findings and send me an update on when should I/we disclose it? Thanks
> Rohit
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
===========================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen
bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt, wordt u
verzocht de inhoud niet te gebruiken en de afzender direct te informeren door
het bericht te retourneren. Hoewel Orange maatregelen heeft genomen om virussen
in deze email of attachments te voorkomen, dient u ook zelf na te gaan of
virussen aanwezig zijn aangezien Orange niet aansprakelijk is voor
computervirussen die veroorzaakt zijn door deze email.
The information contained in this message may be confidential and is intended
to be only for the addressee. Should you receive this message unintentionally,
please do not use the contents herein and notify the sender immediately by
return e-mail. Although Orange has taken steps to ensure that this email and
attachments are free from any virus, you do need to verify the possibility of
their existence as Orange can take no responsibility for any computer virus
which might be transferred by way of this email.
===========================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html