Even if Nokia does find this out first there is not to much they can do. They can create a fix for a new firmware edition that will ship in new models but most models that are out in the public already will never get a firmware update.
Regards, Kane > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > [EMAIL PROTECTED] > Sent: Thursday, July 08, 2004 1:43 PM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Nokia 3560 Remote DOS > > > Hello list, > > I have found a vulnerability with Nokia's 3560 cellular > phone, in which anyone may remotely crash the phone's OS, > requiring the user to disconnect the battery to restore > normal functionality. The attack only requires sending the > person a specially crafted text message. This can be done > very easily via e-mail or from any capable cell phone. > > I have only tested this on the 3560, but other models may be > vulnerable as well. > > During the attack, the phone does not emit a "new message" > tone, and the message does not get stored in phone after > rebooting. Victims have no way of knowing that they have > been attacked. > > I know this is FD and all, but due to the seriousness of this > attack, I would like to notify Nokia before posting full details. > > Does anyone know of a security contact at Nokia? > > -Mark > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
