Hello list,
I have found a vulnerability with Nokia's 3560 cellular phone, in which anyone may
remotely crash the phone's OS, requiring the user to disconnect the battery to restore
normal functionality. The attack only requires sending the person a specially crafted
text message. This can be done very easily via e-mail or from any capable cell phone.
I have only tested this on the 3560, but other models may be vulnerable as well.
During the attack, the phone does not emit a "new message" tone, and the message does
not get stored in phone after rebooting. Victims have no way of knowing that they
have been attacked.
I know this is FD and all, but due to the seriousness of this attack, I would like to
notify Nokia before posting full details.
Does anyone know of a security contact at Nokia?
-Mark
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
