RE: [Full-Disclosure] Nokia 3560 Remote DOS
From: Kane Lightowler (Kane_at_contentsecurity.com.au)
Date: 07/08/04
- Previous message: VeNoMouS: "[Full-Disclosure] RE: php-exec-dir vulnerable after latest upgrade"
- Maybe in reply to: marklist_at_comcast.net: "[Full-Disclosure] Nokia 3560 Remote DOS"
- Next in thread: Milan 't4c' Berger: "Re: [Full-Disclosure] Nokia 3560 Remote DOS"
- Reply: Milan 't4c' Berger: "Re: [Full-Disclosure] Nokia 3560 Remote DOS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <marklist@comcast.net>, <full-disclosure@lists.netsys.com> Date: Thu, 8 Jul 2004 15:06:55 +1000
Even if Nokia does find this out first there is not to much they can do.
They can create a fix for a new firmware edition that will ship in new models but most models that are out in the public already will never get a firmware update.
Regards,
Kane
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of
> marklist@comcast.net
> Sent: Thursday, July 08, 2004 1:43 PM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Nokia 3560 Remote DOS
>
>
> Hello list,
>
> I have found a vulnerability with Nokia's 3560 cellular
> phone, in which anyone may remotely crash the phone's OS,
> requiring the user to disconnect the battery to restore
> normal functionality. The attack only requires sending the
> person a specially crafted text message. This can be done
> very easily via e-mail or from any capable cell phone.
>
> I have only tested this on the 3560, but other models may be
> vulnerable as well.
>
> During the attack, the phone does not emit a "new message"
> tone, and the message does not get stored in phone after
> rebooting. Victims have no way of knowing that they have
> been attacked.
>
> I know this is FD and all, but due to the seriousness of this
> attack, I would like to notify Nokia before posting full details.
>
> Does anyone know of a security contact at Nokia?
>
> -Mark
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: VeNoMouS: "[Full-Disclosure] RE: php-exec-dir vulnerable after latest upgrade"
- Maybe in reply to: marklist_at_comcast.net: "[Full-Disclosure] Nokia 3560 Remote DOS"
- Next in thread: Milan 't4c' Berger: "Re: [Full-Disclosure] Nokia 3560 Remote DOS"
- Reply: Milan 't4c' Berger: "Re: [Full-Disclosure] Nokia 3560 Remote DOS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
