[Full-Disclosure] Nokia 3560 Remote DOS

[marklist]

Hello list,

I have found a vulnerability with Nokia's 3560 cellular phone, in which anyone may 
remotely crash the phone's OS, requiring the user to disconnect the battery to restore 
normal functionality.  The attack only requires sending the person a specially crafted 
text message.  This can be done very easily via e-mail or from any capable cell phone. 
 

I have only tested this on the 3560, but other models may be vulnerable as well.  

During the attack, the phone does not emit a "new message" tone, and the message does 
not get stored in phone after rebooting.  Victims have no way of knowing that they 
have been attacked.

I know this is FD and all, but due to the seriousness of this attack, I would like to 
notify Nokia before posting full details. 

Does anyone know of a security contact at Nokia?

-Mark

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Nokia 3560 Remote DOS

[Kane Lightowler]

Yes that is correct, you can walk into alot of mobile stores and they will upgrade the 
firmware for you at a price.
 
Honestly how many mobile phone users do you know that would.
a) know that this service exists..
b) pay for this service..
 
Myself, I could count them on one hand.
 
Regards,
Kane

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Milan 't4c' Berger 
Sent: Thu 8/07/2004 7:26 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Full-Disclosure] Nokia 3560 Remote DOS



You can get updates for money.
Here in germany you pay about 20 Euro for updating firmware, but like
old bugs told us, Nokia doesn't really care about there mistakes.


Regards,
 Milan


Kane Lightowler wrote:
> Even if Nokia does find this out first there is not to much they can do.
>
> They can create a fix for a new firmware edition that will ship in new 
models but most models that are out in the public already will never get a firmware 
update.
>
>
> Regards,
> Kane
>
>
>>-Original Message-
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED] Behalf Of
>>[EMAIL PROTECTED]
>>Sent: Thursday, July 08, 2004 1:43 PM
    >>To: [EMAIL PROTECTED]
>>Subject: [Full-Disclosure] Nokia 3560 Remote DOS
>>
>>
>>Hello list,
>>
>>I have found a vulnerability with Nokia's 3560 cellular
>>phone, in which anyone may remotely crash the phone's OS,
>>requiring the user to disconnect the battery to restore
>>normal functionality.  The attack only requires sending the
>>person a specially crafted text message.  This can be done
>>very easily via e-mail or from any capable cell phone. 
>>
>>I have only tested this on the 3560, but other models may be
>>vulnerable as well. 
>>
>>During the attack, the phone does not emit a "new message"
>>tone, and the message does not get stored in phone after
>>rebooting.  Victims have no way of knowing that they have
>>been attacked.
>>
>>I know this is FD and all, but due to the seriousness of this
>>attack, I would like to notify Nokia before posting full details.
>>
>>Does anyone know of a security contact at Nokia?
>>
>>-Mark

--
Milan 't4c' Berger
Network & Security Administrator
21073 Hamburg

gpg: http://www.ghcif.de/keys/t4c.asc

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Nokia 3560 Remote DOS

[Jordan Cole (stilist)]

So basically, this amounts to: if the exploit is released, a lotta
people are gonna be screwed. More than with a usual problem of this
sort.

> Yes that is correct, you can walk into alot of mobile stores and they will upgrade 
> the firmware for you at a price.
> 
> Honestly how many mobile phone users do you know that would.
> a) know that this service exists..
> b) pay for this service..
> 
> Myself, I could count them on one hand.
> 

-- 

[stlst]

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Nokia 3560 Remote DOS

[William J.W. Sprakel @ ActiveMinds]

Tell me how please :)

- Original Message - 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 08, 2004 5:42 AM
Subject: [Full-Disclosure] Nokia 3560 Remote DOS


> Hello list,
>
> I have found a vulnerability with Nokia's 3560 cellular phone, in
which anyone may remotely crash the phone's OS, requiring the user to
disconnect the battery to restore normal functionality.  The attack only
requires sending the person a specially crafted text message.  This can be
done very easily via e-mail or from any capable cell phone.
>
> I have only tested this on the 3560, but other models may be vulnerable as
well.
>
> During the attack, the phone does not emit a "new message" tone, and the
message does not get stored in phone after rebooting.  Victims have no way
of knowing that they have been attacked.
>
> I know this is FD and all, but due to the seriousness of this attack, I
would like to notify Nokia before posting full details.
>
> Does anyone know of a security contact at Nokia?
>
> -Mark
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Nokia 3560 Remote DOS

[Matt Burke]

Follow rfpolicy

http://www.wiretrip.net/rfp/policy.html


Nokia Group

Nokia House
Keilalahdentie 4
FIN-02150 Espoo
PO Box 226
FIN 00045 NOKIA GROUP   Tel: +358-7180-08000
Fax: +358-7180-38226
Fax: +358-7180-38303
(Corporate Communications)
Email: [EMAIL PROTECTED]

Nokia Networks
Keilalahdentie 4
FIN-02150 Espoo
P.O.Box 300
FIN-00045 NOKIA GROUP
Finland Tel: +358-7180-08000
Fax: +358-7180-38200
(Comms)

Nokia Ventures Organization
Keilalahdentie 4
FIN-02150 Espoo
P.O. Box 207
FIN-00045 NOKIA GROUP   Tel: +358-7180-08000
Fax: +358-7180-62590

Nokia Mobile Phones
Keilalahdentie 4
FIN-02150 Espoo
PO Box 100
FIN-00045 NOKIA GROUP
Finland Tel: +358-7180-08000
Fax: + 358-7180-45782

Australia and New Zealand
AUSTRALIA

Nokia Australia Pty Ltd
19 Harris St
Pyrmont NSW 2009
Australia   Tel: +61-2-9429-9000
Fax: +61-2-9429-


NEW ZEALAND

Nokia NZ Ltd
Level 4
60 Stanley Street
Parnell
Auckland 1001
P.O.Box 5464
Wellesley Street
New Zealand Tel: +64-9-3022-666
Fax: +64-9-3022-888

Contact Nokia Internet Communications office
Australia   Tel: 1 800 147 712
New Zealand Tel: 0800 44 0785
e-mail: [EMAIL PROTECTED]

Contact Nokia Training
Tel: 1 650 625 2435
e-mail: Nokia Security Training

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Nokia 3560 Remote DOS

[Marcus Specht]

Am Do, den 08.07.2004 schrieb Milan 't4c' Berger um 11:26:
> You can get updates for money.
> Here in germany you pay about 20 Euro for updating firmware, but like 
> old bugs told us, Nokia doesn't really care about there mistakes.

I never paid for a firmware update in Germany, but it may depend on
where you go. I always go to a Nokia Repair Center.

Cheers
Marcus


signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Re: [Full-Disclosure] Nokia 3560 Remote DOS

[Matt Burke]

Well, are you going to let the cat out of the bag?

On Sat, 10 Jul 2004 22:29:58 +0200, Marcus Specht
<[EMAIL PROTECTED]> wrote:
> Am Do, den 08.07.2004 schrieb Milan 't4c' Berger um 11:26:
> > You can get updates for money.
> > Here in germany you pay about 20 Euro for updating firmware, but like
> > old bugs told us, Nokia doesn't really care about there mistakes.
> 
> I never paid for a firmware update in Germany, but it may depend on
> where you go. I always go to a Nokia Repair Center.
> 
> Cheers
> Marcus
> 
> 
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Nokia 3560 Remote DOS

[404]

This is fake.

On Sat, 10 Jul 2004 22:21:18 -0400, Matt Burke <[EMAIL PROTECTED]> wrote:
> Well, are you going to let the cat out of the bag?
> 
> 
> 
> On Sat, 10 Jul 2004 22:29:58 +0200, Marcus Specht
> <[EMAIL PROTECTED]> wrote:
> > Am Do, den 08.07.2004 schrieb Milan 't4c' Berger um 11:26:
> > > You can get updates for money.
> > > Here in germany you pay about 20 Euro for updating firmware, but like
> > > old bugs told us, Nokia doesn't really care about there mistakes.
> >
> > I never paid for a firmware update in Germany, but it may depend on
> > where you go. I always go to a Nokia Repair Center.
> >
> > Cheers
> > Marcus
> >
> >
> >
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Nokia 3560 Remote DOS

[Kane Lightowler]

Even if Nokia does find this out first there is not to much they can do.

They can create a fix for a new firmware edition that will ship in new models but most 
models that are out in the public already will never get a firmware update.


Regards,
Kane

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, July 08, 2004 1:43 PM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Nokia 3560 Remote DOS
> 
> 
> Hello list,
> 
> I have found a vulnerability with Nokia's 3560 cellular 
> phone, in which anyone may remotely crash the phone's OS, 
> requiring the user to disconnect the battery to restore 
> normal functionality.  The attack only requires sending the 
> person a specially crafted text message.  This can be done 
> very easily via e-mail or from any capable cell phone.  
> 
> I have only tested this on the 3560, but other models may be 
> vulnerable as well.  
> 
> During the attack, the phone does not emit a "new message" 
> tone, and the message does not get stored in phone after 
> rebooting.  Victims have no way of knowing that they have 
> been attacked.
> 
> I know this is FD and all, but due to the seriousness of this 
> attack, I would like to notify Nokia before posting full details. 
> 
> Does anyone know of a security contact at Nokia?
> 
> -Mark
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Nokia 3560 Remote DOS

[Mark Laurence]

 http://www.auscert.org.au/render.html?it=2795&cid=1

Similar vuln on the 6210 was discovered a while back

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Milan 't4c' Berger
> Sent: 08 July 2004 10:26
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Nokia 3560 Remote DOS
> 
> You can get updates for money.
> Here in germany you pay about 20 Euro for updating firmware, 
> but like old bugs told us, Nokia doesn't really care about 
> there mistakes.
> 
> 
> Regards,
>  Milan
> 
> 
> Kane Lightowler wrote:
> > Even if Nokia does find this out first there is not to much 
> they can do.
> > 
> > They can create a fix for a new firmware edition that will 
> ship in new models but most models that are out in the public 
> already will never get a firmware update.
> > 
> > 
> > Regards,
> > Kane
> > 
> > 
> >>-Original Message-
> >>From: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] Behalf Of
> >>[EMAIL PROTECTED]
> >>Sent: Thursday, July 08, 2004 1:43 PM
> >>To: [EMAIL PROTECTED]
> >>Subject: [Full-Disclosure] Nokia 3560 Remote DOS
> >>
> >>
> >>Hello list,
> >>
> >>I have found a vulnerability with Nokia's 3560 cellular 
> >>phone, in which anyone may remotely crash the phone's OS, 
> >>requiring the user to disconnect the battery to restore 
> >>normal functionality.  The attack only requires sending the 
> >>person a specially crafted text message.  This can be done 
> >>very easily via e-mail or from any capable cell phone.  
> >>
> >>I have only tested this on the 3560, but other models may be 
> >>vulnerable as well.  
> >>
> >>During the attack, the phone does not emit a "new message" 
> >>tone, and the message does not get stored in phone after 
> >>rebooting.  Victims have no way of knowing that they have 
> >>been attacked.
> >>
> >>I know this is FD and all, but due to the seriousness of this 
> >>attack, I would like to notify Nokia before posting full details. 
> >>
> >>Does anyone know of a security contact at Nokia?
> >>
> >>-Mark
> 
> -- 
> Milan 't4c' Berger
> Network & Security Administrator
> 21073 Hamburg
> 
> gpg: http://www.ghcif.de/keys/t4c.asc
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
>  
> 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Nokia 3560 Remote DOS

[Milan 't4c' Berger]

You can get updates for money.
Here in germany you pay about 20 Euro for updating firmware, but like 
old bugs told us, Nokia doesn't really care about there mistakes.

Regards,
Milan
Kane Lightowler wrote:
Even if Nokia does find this out first there is not to much they can do.
They can create a fix for a new firmware edition that will ship in new models but most 
models that are out in the public already will never get a firmware update.
Regards,
Kane

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, July 08, 2004 1:43 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Nokia 3560 Remote DOS
Hello list,
   I have found a vulnerability with Nokia's 3560 cellular 
phone, in which anyone may remotely crash the phone's OS, 
requiring the user to disconnect the battery to restore 
normal functionality.  The attack only requires sending the 
person a specially crafted text message.  This can be done 
very easily via e-mail or from any capable cell phone.  

I have only tested this on the 3560, but other models may be 
vulnerable as well.  

During the attack, the phone does not emit a "new message" 
tone, and the message does not get stored in phone after 
rebooting.  Victims have no way of knowing that they have 
been attacked.

I know this is FD and all, but due to the seriousness of this 
attack, I would like to notify Nokia before posting full details. 

Does anyone know of a security contact at Nokia?
-Mark
--
Milan 't4c' Berger
Network & Security Administrator
21073 Hamburg
gpg: http://www.ghcif.de/keys/t4c.asc
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [security] RE: [Full-Disclosure] Nokia 3560 Remote DOS

[Shawn McMahon]

On Thu, Jul 08, 2004 at 11:04:47PM +1000, Kane Lightowler said:
> Yes that is correct, you can walk into alot of mobile stores and they will upgrade 
> the firmware for you at a price.

Here in the US they don't all charge.  Cingular has upgraded firmware on
more than one of my phones before for free.

> Honestly how many mobile phone users do you know that would.
> a) know that this service exists..
> b) pay for this service..

Generally unless there is a problem that crashes their phone, it's going
to be a small number.  In fact, often even if it crashes the phone,
people won't think to address the problem unless it crashes a lot.


-- 
Shawn McMahon  | Let's set the record straight. There is no argument
EIV Consulting | over the choice between peace and war, but there is
UNIX and Linux | only one guaranteed way you can have peace - and you
http://www.eiv.com | can have it in the next second - surrender. - Reagan


pgptzakUplD7n.pgp
Description: PGP signature