Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » SMS phone crash exploit a risk for older Nokias

SMS phone crash exploit a risk for older Nokias

by Nikola Strahija on December 13th, 2001 Nokia has upgraded its phone software to guard against a security glitch that might allow a cracker to render a phone inoperable by sending a text message. However, older phones may still be vulnerable.


A researcher at security firm ITSX, gave a presentation during a recent Black Hat conference, where he demonstrated how a malformed message crashes a Nokia 6210 phone on its receipt. He did this by adapting a program called sms_client, which sends an SMS message from an Internet-connected PC, in which the User Data Header is broken.

Once the message is received it is impossible to turn on an infected phone again without somehow deleting the offending message. The vulnerability
is tied to the software used by a phone. The flaw affects Nokia 6210, 3310 and 3330 phones, de Haas has discovered, but not a Siemens phone he tried.

Nokia spokesman told us that the phone manufacturer implemented a fix for the problem.
He declined to be specific about the nature of the bug but said Nokia has "made the correction and implemented it in our phone programmes, meaning that phones rolling out of the factory have a fix in them."

Although phones produced since this summer are immune, older phones might still be vulnerable to the exploit. He has determined the bug to be fixed in release 5.27 for the 6210. Upgrading phone software to guard against the flaw can't be done by users themselves, and would require a trip to a Nokia service centre.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »