http://www.auscert.org.au/render.html?it=2795&cid=1
Similar vuln on the 6210 was discovered a while back

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Milan 't4c' Berger
> Sent: 08 July 2004 10:26
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Nokia 3560 Remote DOS
>
> You can get updates for money.
> Here in Germany you pay about 20 Euro for updating firmware,
> but like old bugs told us, Nokia doesn't really care about
> their mistakes.
>
> Regards,
> Milan
>
> Kane Lightowler wrote:
> > Even if Nokia does find this out first there is not too much
> > they can do.
> >
> > They can create a fix for a new firmware edition that will
> > ship in new models but most models that are out in the public
> > already will never get a firmware update.
> >
> > Regards,
> > Kane
> >
> >>-----Original Message-----
> >>From: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] Behalf Of
> >>[EMAIL PROTECTED]
> >>Sent: Thursday, July 08, 2004 1:43 PM
> >>To: [EMAIL PROTECTED]
> >>Subject: [Full-Disclosure] Nokia 3560 Remote DOS
> >>
> >>Hello list,
> >>
> >> I have found a vulnerability with Nokia's 3560 cellular
> >>phone, in which anyone may remotely crash the phone's OS,
> >>requiring the user to disconnect the battery to restore
> >>normal functionality. The attack only requires sending the
> >>person a specially crafted text message. This can be done
> >>very easily via e-mail or from any capable cell phone.
> >>
> >>I have only tested this on the 3560, but other models may be
> >>vulnerable as well.
> >>
> >>During the attack, the phone does not emit a "new message"
> >>tone, and the message does not get stored in phone after
> >>rebooting. Victims have no way of knowing that they have
> >>been attacked.
> >>
> >>I know this is FD and all, but due to the seriousness of this
> >>attack, I would like to notify Nokia before posting full details.
> >>
> >>Does anyone know of a security contact at Nokia?
> >>
> >>-Mark
>
> --
> Milan 't4c' Berger
> Network & Security Administrator
> 21073 Hamburg
>
> gpg: http://www.ghcif.de/keys/t4c.asc
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
