[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Nokia 3560 Remote DOS

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Nokia 3560 Remote DOS
From: marklist@xxxxxxxxxxx
Date: Thu, 08 Jul 2004 03:42:34 +0000

Hello list,

    I have found a vulnerability with Nokia's 3560 cellular phone, in which 
anyone may remotely crash the phone's OS, requiring the user to disconnect the 
battery to restore normal functionality.  The attack only requires sending the 
person a specially crafted text message.  This can be done very easily via 
e-mail or from any capable cell phone.  

I have only tested this on the 3560, but other models may be vulnerable as 
well.  

During the attack, the phone does not emit a "new message" tone, and the 
message does not get stored in phone after rebooting.  Victims have no way of 
knowing that they have been attacked.

I know this is FD and all, but due to the seriousness of this attack, I would 
like to notify Nokia before posting full details. 

Does anyone know of a security contact at Nokia?

-Mark

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Nokia 3560 Remote DOS
  - From: William J.W. Sprakel @ ActiveMinds

Prev by Date: [Full-Disclosure] php-exec-dir vulnerable after latest upgrade
Next by Date: RE: [Full-Disclosure] Microsoft hides certain types of files from your eyes + some filename parsing bug
Previous by thread: [Full-Disclosure] Re: php-exec-dir vulnerable after latest upgrade
Next by thread: Re: [Full-Disclosure] Nokia 3560 Remote DOS
Index(es):
- Date
- Thread