[Full-Disclosure] Nokia 3560 Remote DOS
Hello list, I have found a vulnerability with Nokia's 3560 cellular phone, in which anyone may remotely crash the phone's OS, requiring the user to disconnect the battery to restore normal functionality. The attack only requires sending the person a specially crafted text message. This can be done very easily via e-mail or from any capable cell phone. I have only tested this on the 3560, but other models may be vulnerable as well. During the attack, the phone does not emit a "new message" tone, and the message does not get stored in phone after rebooting. Victims have no way of knowing that they have been attacked. I know this is FD and all, but due to the seriousness of this attack, I would like to notify Nokia before posting full details. Does anyone know of a security contact at Nokia? -Mark ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Nokia 3560 Remote DOS
Yes that is correct, you can walk into alot of mobile stores and they will upgrade the firmware for you at a price. Honestly how many mobile phone users do you know that would. a) know that this service exists.. b) pay for this service.. Myself, I could count them on one hand. Regards, Kane -Original Message- From: [EMAIL PROTECTED] on behalf of Milan 't4c' Berger Sent: Thu 8/07/2004 7:26 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Full-Disclosure] Nokia 3560 Remote DOS You can get updates for money. Here in germany you pay about 20 Euro for updating firmware, but like old bugs told us, Nokia doesn't really care about there mistakes. Regards, Milan Kane Lightowler wrote: > Even if Nokia does find this out first there is not to much they can do. > > They can create a fix for a new firmware edition that will ship in new models but most models that are out in the public already will never get a firmware update. > > > Regards, > Kane > > >>-Original Message- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] Behalf Of >>[EMAIL PROTECTED] >>Sent: Thursday, July 08, 2004 1:43 PM >>To: [EMAIL PROTECTED] >>Subject: [Full-Disclosure] Nokia 3560 Remote DOS >> >> >>Hello list, >> >>I have found a vulnerability with Nokia's 3560 cellular >>phone, in which anyone may remotely crash the phone's OS, >>requiring the user to disconnect the battery to restore >>normal functionality. The attack only requires sending the >>person a specially crafted text message. This can be done >>very easily via e-mail or from any capable cell phone. >> >>I have only tested this on the 3560, but other models may be >>vulnerable as well. >> >>During the attack, the phone does not emit a "new message" >>tone, and the message does not get stored in phone after >>rebooting. Victims have no way of knowing that they have >>been attacked. >> >>I know this is FD and all, but due to the seriousness of this >>attack, I would like to notify Nokia before posting full details. >> >>Does anyone know of a security contact at Nokia? >> >>-Mark -- Milan 't4c' Berger Network & Security Administrator 21073 Hamburg gpg: http://www.ghcif.de/keys/t4c.asc ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Nokia 3560 Remote DOS
So basically, this amounts to: if the exploit is released, a lotta people are gonna be screwed. More than with a usual problem of this sort. > Yes that is correct, you can walk into alot of mobile stores and they will upgrade > the firmware for you at a price. > > Honestly how many mobile phone users do you know that would. > a) know that this service exists.. > b) pay for this service.. > > Myself, I could count them on one hand. > -- [stlst] ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Nokia 3560 Remote DOS
Tell me how please :) - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 08, 2004 5:42 AM Subject: [Full-Disclosure] Nokia 3560 Remote DOS > Hello list, > > I have found a vulnerability with Nokia's 3560 cellular phone, in which anyone may remotely crash the phone's OS, requiring the user to disconnect the battery to restore normal functionality. The attack only requires sending the person a specially crafted text message. This can be done very easily via e-mail or from any capable cell phone. > > I have only tested this on the 3560, but other models may be vulnerable as well. > > During the attack, the phone does not emit a "new message" tone, and the message does not get stored in phone after rebooting. Victims have no way of knowing that they have been attacked. > > I know this is FD and all, but due to the seriousness of this attack, I would like to notify Nokia before posting full details. > > Does anyone know of a security contact at Nokia? > > -Mark > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Nokia 3560 Remote DOS
Follow rfpolicy http://www.wiretrip.net/rfp/policy.html Nokia Group Nokia House Keilalahdentie 4 FIN-02150 Espoo PO Box 226 FIN 00045 NOKIA GROUP Tel: +358-7180-08000 Fax: +358-7180-38226 Fax: +358-7180-38303 (Corporate Communications) Email: [EMAIL PROTECTED] Nokia Networks Keilalahdentie 4 FIN-02150 Espoo P.O.Box 300 FIN-00045 NOKIA GROUP Finland Tel: +358-7180-08000 Fax: +358-7180-38200 (Comms) Nokia Ventures Organization Keilalahdentie 4 FIN-02150 Espoo P.O. Box 207 FIN-00045 NOKIA GROUP Tel: +358-7180-08000 Fax: +358-7180-62590 Nokia Mobile Phones Keilalahdentie 4 FIN-02150 Espoo PO Box 100 FIN-00045 NOKIA GROUP Finland Tel: +358-7180-08000 Fax: + 358-7180-45782 Australia and New Zealand AUSTRALIA Nokia Australia Pty Ltd 19 Harris St Pyrmont NSW 2009 Australia Tel: +61-2-9429-9000 Fax: +61-2-9429- NEW ZEALAND Nokia NZ Ltd Level 4 60 Stanley Street Parnell Auckland 1001 P.O.Box 5464 Wellesley Street New Zealand Tel: +64-9-3022-666 Fax: +64-9-3022-888 Contact Nokia Internet Communications office Australia Tel: 1 800 147 712 New Zealand Tel: 0800 44 0785 e-mail: [EMAIL PROTECTED] Contact Nokia Training Tel: 1 650 625 2435 e-mail: Nokia Security Training ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Nokia 3560 Remote DOS
Am Do, den 08.07.2004 schrieb Milan 't4c' Berger um 11:26: > You can get updates for money. > Here in germany you pay about 20 Euro for updating firmware, but like > old bugs told us, Nokia doesn't really care about there mistakes. I never paid for a firmware update in Germany, but it may depend on where you go. I always go to a Nokia Repair Center. Cheers Marcus signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: [Full-Disclosure] Nokia 3560 Remote DOS
Well, are you going to let the cat out of the bag? On Sat, 10 Jul 2004 22:29:58 +0200, Marcus Specht <[EMAIL PROTECTED]> wrote: > Am Do, den 08.07.2004 schrieb Milan 't4c' Berger um 11:26: > > You can get updates for money. > > Here in germany you pay about 20 Euro for updating firmware, but like > > old bugs told us, Nokia doesn't really care about there mistakes. > > I never paid for a firmware update in Germany, but it may depend on > where you go. I always go to a Nokia Repair Center. > > Cheers > Marcus > > > ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Nokia 3560 Remote DOS
This is fake. On Sat, 10 Jul 2004 22:21:18 -0400, Matt Burke <[EMAIL PROTECTED]> wrote: > Well, are you going to let the cat out of the bag? > > > > On Sat, 10 Jul 2004 22:29:58 +0200, Marcus Specht > <[EMAIL PROTECTED]> wrote: > > Am Do, den 08.07.2004 schrieb Milan 't4c' Berger um 11:26: > > > You can get updates for money. > > > Here in germany you pay about 20 Euro for updating firmware, but like > > > old bugs told us, Nokia doesn't really care about there mistakes. > > > > I never paid for a firmware update in Germany, but it may depend on > > where you go. I always go to a Nokia Repair Center. > > > > Cheers > > Marcus > > > > > > > ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Nokia 3560 Remote DOS
Even if Nokia does find this out first there is not to much they can do. They can create a fix for a new firmware edition that will ship in new models but most models that are out in the public already will never get a firmware update. Regards, Kane > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > [EMAIL PROTECTED] > Sent: Thursday, July 08, 2004 1:43 PM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Nokia 3560 Remote DOS > > > Hello list, > > I have found a vulnerability with Nokia's 3560 cellular > phone, in which anyone may remotely crash the phone's OS, > requiring the user to disconnect the battery to restore > normal functionality. The attack only requires sending the > person a specially crafted text message. This can be done > very easily via e-mail or from any capable cell phone. > > I have only tested this on the 3560, but other models may be > vulnerable as well. > > During the attack, the phone does not emit a "new message" > tone, and the message does not get stored in phone after > rebooting. Victims have no way of knowing that they have > been attacked. > > I know this is FD and all, but due to the seriousness of this > attack, I would like to notify Nokia before posting full details. > > Does anyone know of a security contact at Nokia? > > -Mark > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Nokia 3560 Remote DOS
http://www.auscert.org.au/render.html?it=2795&cid=1 Similar vuln on the 6210 was discovered a while back > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Milan 't4c' Berger > Sent: 08 July 2004 10:26 > To: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] Nokia 3560 Remote DOS > > You can get updates for money. > Here in germany you pay about 20 Euro for updating firmware, > but like old bugs told us, Nokia doesn't really care about > there mistakes. > > > Regards, > Milan > > > Kane Lightowler wrote: > > Even if Nokia does find this out first there is not to much > they can do. > > > > They can create a fix for a new firmware edition that will > ship in new models but most models that are out in the public > already will never get a firmware update. > > > > > > Regards, > > Kane > > > > > >>-Original Message- > >>From: [EMAIL PROTECTED] > >>[mailto:[EMAIL PROTECTED] Behalf Of > >>[EMAIL PROTECTED] > >>Sent: Thursday, July 08, 2004 1:43 PM > >>To: [EMAIL PROTECTED] > >>Subject: [Full-Disclosure] Nokia 3560 Remote DOS > >> > >> > >>Hello list, > >> > >>I have found a vulnerability with Nokia's 3560 cellular > >>phone, in which anyone may remotely crash the phone's OS, > >>requiring the user to disconnect the battery to restore > >>normal functionality. The attack only requires sending the > >>person a specially crafted text message. This can be done > >>very easily via e-mail or from any capable cell phone. > >> > >>I have only tested this on the 3560, but other models may be > >>vulnerable as well. > >> > >>During the attack, the phone does not emit a "new message" > >>tone, and the message does not get stored in phone after > >>rebooting. Victims have no way of knowing that they have > >>been attacked. > >> > >>I know this is FD and all, but due to the seriousness of this > >>attack, I would like to notify Nokia before posting full details. > >> > >>Does anyone know of a security contact at Nokia? > >> > >>-Mark > > -- > Milan 't4c' Berger > Network & Security Administrator > 21073 Hamburg > > gpg: http://www.ghcif.de/keys/t4c.asc > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004 > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Nokia 3560 Remote DOS
You can get updates for money. Here in germany you pay about 20 Euro for updating firmware, but like old bugs told us, Nokia doesn't really care about there mistakes. Regards, Milan Kane Lightowler wrote: Even if Nokia does find this out first there is not to much they can do. They can create a fix for a new firmware edition that will ship in new models but most models that are out in the public already will never get a firmware update. Regards, Kane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 08, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Nokia 3560 Remote DOS Hello list, I have found a vulnerability with Nokia's 3560 cellular phone, in which anyone may remotely crash the phone's OS, requiring the user to disconnect the battery to restore normal functionality. The attack only requires sending the person a specially crafted text message. This can be done very easily via e-mail or from any capable cell phone. I have only tested this on the 3560, but other models may be vulnerable as well. During the attack, the phone does not emit a "new message" tone, and the message does not get stored in phone after rebooting. Victims have no way of knowing that they have been attacked. I know this is FD and all, but due to the seriousness of this attack, I would like to notify Nokia before posting full details. Does anyone know of a security contact at Nokia? -Mark -- Milan 't4c' Berger Network & Security Administrator 21073 Hamburg gpg: http://www.ghcif.de/keys/t4c.asc ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [security] RE: [Full-Disclosure] Nokia 3560 Remote DOS
On Thu, Jul 08, 2004 at 11:04:47PM +1000, Kane Lightowler said: > Yes that is correct, you can walk into alot of mobile stores and they will upgrade > the firmware for you at a price. Here in the US they don't all charge. Cingular has upgraded firmware on more than one of my phones before for free. > Honestly how many mobile phone users do you know that would. > a) know that this service exists.. > b) pay for this service.. Generally unless there is a problem that crashes their phone, it's going to be a small number. In fact, often even if it crashes the phone, people won't think to address the problem unless it crashes a lot. -- Shawn McMahon | Let's set the record straight. There is no argument EIV Consulting | over the choice between peace and war, but there is UNIX and Linux | only one guaranteed way you can have peace - and you http://www.eiv.com | can have it in the next second - surrender. - Reagan pgptzakUplD7n.pgp Description: PGP signature