[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Nokia 3560 Remote DOS

To: "Milan 't4c' Berger" <t4c@xxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Nokia 3560 Remote DOS
From: "Kane Lightowler" <Kane@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 8 Jul 2004 23:04:47 +1000

Yes that is correct, you can walk into alot of mobile stores and they will 
upgrade the firmware for you at a price.
 
Honestly how many mobile phone users do you know that would.....
a) know that this service exists..
b) pay for this service..
 
Myself, I could count them on one hand.
 
Regards,
Kane

        -----Original Message----- 
        From: full-disclosure-admin@xxxxxxxxxxxxxxxx on behalf of Milan 't4c' 
Berger 
        Sent: Thu 8/07/2004 7:26 PM 
        To: full-disclosure@xxxxxxxxxxxxxxxx 
        Cc: 
        Subject: Re: [Full-Disclosure] Nokia 3560 Remote DOS
        
        

        You can get updates for money.
        Here in germany you pay about 20 Euro for updating firmware, but like
        old bugs told us, Nokia doesn't really care about there mistakes.
        
        
        Regards,
             Milan
        
        
        Kane Lightowler wrote:
        > Even if Nokia does find this out first there is not to much they can 
do.
        >
        > They can create a fix for a new firmware edition that will ship in 
new models but most models that are out in the public already will never get a 
firmware update.
        >
        >
        > Regards,
        > Kane
        >
        >
        >>-----Original Message-----
        >>From: full-disclosure-admin@xxxxxxxxxxxxxxxx
        >>[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of
        >>marklist@xxxxxxxxxxx
        >>Sent: Thursday, July 08, 2004 1:43 PM
        >>To: full-disclosure@xxxxxxxxxxxxxxxx
        >>Subject: [Full-Disclosure] Nokia 3560 Remote DOS
        >>
        >>
        >>Hello list,
        >>
        >>    I have found a vulnerability with Nokia's 3560 cellular
        >>phone, in which anyone may remotely crash the phone's OS,
        >>requiring the user to disconnect the battery to restore
        >>normal functionality.  The attack only requires sending the
        >>person a specially crafted text message.  This can be done
        >>very easily via e-mail or from any capable cell phone. 
        >>
        >>I have only tested this on the 3560, but other models may be
        >>vulnerable as well. 
        >>
        >>During the attack, the phone does not emit a "new message"
        >>tone, and the message does not get stored in phone after
        >>rebooting.  Victims have no way of knowing that they have
        >>been attacked.
        >>
        >>I know this is FD and all, but due to the seriousness of this
        >>attack, I would like to notify Nokia before posting full details.
        >>
        >>Does anyone know of a security contact at Nokia?
        >>
        >>-Mark
        
        --
        Milan 't4c' Berger
        Network & Security Administrator
        21073 Hamburg
        
        gpg: http://www.ghcif.de/keys/t4c.asc
        
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.netsys.com/full-disclosure-charter.html
        

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Nokia 3560 Remote DOS
  - From: Jordan Cole (stilist)
- Re: [security] RE: [Full-Disclosure] Nokia 3560 Remote DOS
  - From: Shawn McMahon

Prev by Date: Re: [Full-Disclosure] Web sites compromised by IIS attack
Next by Date: Re: [Full-Disclosure] shell:windows command question
Previous by thread: Re: [Full-Disclosure] Nokia 3560 Remote DOS
Next by thread: Re: [Full-Disclosure] Nokia 3560 Remote DOS
Index(es):
- Date
- Thread