Slashdot Mirror
DoS Vulnerability On Nokia Phones
Matt_Bennett writes "According to this report from CNN, it is possible to send a SMS (Short Message Service) message to certain Nokia GSM phones, in particular the Nokia 7110, which will cause it to lock up. At this point, they are unsure if it is possible from an email-to-SMS gateway. The phone has to have its battery removed and replaced to return to normal operation." "Sorry I couldn't call you back, my phone was haxx0r3d." We laugh, but as personal electronics get better, we rely on them more... and at the same time, they become more complex: the potential security holes grow. Its kinda creapy.
On norwegian TV yesterday, they interviewed some Nokia techies finishing up their research on the matter. Its seems that this bug only can be recreated with some sort of Nokia development software and equipment. This things are not readlily avalible.
Next version of this software should solve the issue. A recall of the exploitalbe phones is not consideredIt's amazing how unclued that company can remain.
It's not really just Nokia, it's the general short-sightedness of corporations still unable to get the clue from their own work-force geeks.
We're moving to information age not because of funny gadgets, but because of real, hard-to-use, hard-to-beat endlessly-programmable-information-processing-cap
</rant>
Vision:
I want a necklace of batteries and PCMCIA cards wired to my earplugs and sights, that I can secure myself against hazardous SMS'es and other forthcoming hacks.
I think, therefore thoughts exist. Ego is just an impression.
No, I just have a job where we
make sms solutions and it would be great,
if we could filter out this type of messages.
how mission-critical is a cell phone? must it be online at all times? must it have zero down time?
for a DoS attack to be successful, the point is to flood a server that is required to be online at all times and that denial successfully takes them offline for an extended length of time.
this isn't a true DoS attack because the person sending it would have to send out a continual stream of these malformed messages that would get bounced back to them as soon as one brings down the phone. Also, the SMS provider software would shut down the point of entry if their load from a point becomes too large.
I would call this a simple software glitch that has the unfortunate problem of causing the phone's OS to crash.
call it a runtime error. call it a macintosh system error. it's just not a DoS
so this should be called a triggered runtime error instead of a DoS
Who are the geniuses that think these things up?
My guess would be Hanna-Barbara. We're all just bit players in a big Jetsons episode.
"I will gladly pay you today, sir, and eat up
Sacred cows make the best burgers.
As Dr. Evil said, "Give me a frickin' break."
I think he meant crappy... or maybe a mix of the two. It is creepy and crappy at the same time, hence "creapy".
Not really, a DoS attack is anything that Denies Service, its just so happens that what you describe (I believe its called a smurf attack) is one common way to do that on the net.
Also, cell phones are mission critical, for some people anyway. Emergency workers (firefighters, cops, ambulance drivers, etc) are beginning to rely more & more on cell phones for communication. The fact that someone can send my phone a message that forced me to manually reset the phone is pretty pitiful. IF something like this occured in, say, Pine or Elm, its would be considered a pretty big flaw.
---- I made the Kessel Run in under 11 parsecs.
Friend at work was able to construct a SMS message that crashed every GSM phone available at the company (And understandably, SMS messaging services oriented company has practically all models to test with), not only when sent to phone, but just by being on the SIM card. (Obviously, this crash triggered when parsing the message from memory.) On the bright side, you need SMSC to construct and send such a message.
Just to state that this is hardly Nokia-specific problem, but of course, Nokia is most visible target, just like Microsoft.
Actually, if a Nokia phone is hit by a DoS attack, (7110 especially) it is permanently impossible to send or receive SMS messages. No kidding!
And the thing is, for reconfiguration messages, you have to confirm whether you want them or not. If the user chooses to do so, it's their fault... How clueless could you be to get a reconfiguration message out of the blue and go "Ooh, better accept this!"?
Open Source. Closed Minds. We are Slashdot.
- How mission-critical the cell phone is depends on who is using it. If it's your average SUV-driving latte-drinking yuppie, then no -- it isn't mission critical at all. But if it's a medical worker on call, it better be considered mission-critical.
- The downtime depends on how soon the person notices that the cellphone has crashed.
- I simply hate the way people are so used to Windows that they expect instability from an operating system. What happens when silicon becomes even more common? I would hate the day my refrigerator had a GPF...
for a DoS attack to be successful, the point is to flood a server that is required to be online at all times and that denial successfully takes them offline for an extended length of time.DoS stands for Denial of Service, in case you were wondering. A DoS attack is anything that denies anyone service. Neither does it have to be against a server, nor does it have to be a flood. For example, the Winnuke attack was neither a flood, nor against a server (assuming that people aren't running servers on Windos).
I would call this a simple software glitch that has the unfortunate problem of causing the phone's OS to crash.
Oh sure, let me just reboot my cellphone. That's no problem, right? I mean software was meant to crash. And if my refrigerator (just wait a few years) suddently decides to crash in the middle of the night, I'll just run down and reboot it as well. No problem!
call it a runtime error. call it a macintosh system error. it's just not a DoS
See above.
--
Sure, but what about when you wake up at 4AM, and want the lighs on. You could boot up your box, dial up, go to a web ste, put some passwords in, find the right button to click and the light comes on! If you want a blue light, load windows!
Seriously though, isnt it cool in star trek when they can control lights by voice. Sensors could turn lights off when you leave the room etc. They dont need to be accessable to Bob in Austrailia, but the applications are endless.
Having your video recorder available on the net so you can set it recording from work is another very useful thing. As you are driving home you can mumble something about coffee and your car would pick it up, relay it to your kettle and the kettle would switch on, saving you a couple of minutes as its boiled as you get in.
Web enables bog roll is defiantly a useless thing, but there are many applications for web enabled consumer items, or at least a web enabled X10 interface.
I ama big cynic when it comes to these new things, like WAP, but I have often wanted to send a quick email from my old non-wap mobile, or perhaps see the time of the next train.
Call it a BSOD.
My phone (non wap mind you) receives text messages when I am in a call, if it crashed then, perhaps while driving, I would not be happy. If someone floods my dial up connection I have to reconnect, its annoying. Its not essential I am on 24/7 (in fat its more like 19/7), but It's annoying when I have to disconnect (2 hour time out in the UK).
This is literaly a denial of service, but it's not covered by the conventional DoS definition, which is permanent.
(assuming that people aren't running servers on Windos).
Didnt Winnuke rely on port 139 being open, which is, If I can remember back to my windows days, a NetBIOS server port.
Could be worse, we might have analogue networks like you instead of digital networks. TriBand phones required for full US coverage are between 5-25 times more expensive then Single band phones suitable throughout the EU.
Not even my old classmate would write with so many errors...
Why do you try to make Germans bad?
No German would replace every ue with ü...
or every ss with ß..
It's too bad that telemarketers aren't required by law to use these phones when calling to spam us.
Ericsson's phones cool? Yeah, right... Small displays, bulky outlook, lack of features compared to Nokia etc..
(not spam, but I got these prices from this page it's in Dutch and for the Dutch market though..)
GSM..ahh..Ain't Europe a great place to be right now ;-) (Apart from Asia and Japanof course..)
--
SCO employee? Check out the bounty
If the cell phone in question happened to have a high gain mic, such as those used on speaker phones, then this is definitely a possibility. However, some models may not get complete echo cancellation, so there could be scope for detection. It's a rather pricey way of surveilling, and you'd have to remember to switch Caller ID off before calling it, otherwise if it's found, you could easily be traced...
There are several models of GSM mobiles that have a speakerphone capability, which you might still be able to get hold of if you look around.
I had the luxury of having a 7110 phone while doing some WAP development, and all I have to say is; DUH! 50% of all wml pages out there crash that under-powered POS.
...get a real phone, go ericsson or nokia 9110!
This communication is secured using Rot-26 Encryption Algorithm, Unauthorized decryption will be subject to laughter.
Most cellphones automatically reboot themselves when they detect an exception. Sometimes you notice it, sometimes you don't. This is one of those cases where it's taking a long time to crash - it's probably some buffer overrun problem that causes stack corruption, which will take a non-determinate time to cause a detectable problem.
Mobile phones are becoming more and more complex - there's a huge amount of software in these things, usually upwards of 10s of millions of lines of code, spanning more that one processor. It's never possible to catch all the bugs, although there's (usually) a rigourous test phase to catch as many as possible.
Unfortunately, there's so much competition in the marketplace at the moment that new software has to be designed and coded to a very tight timescale, which means that human error is not just possible, it's very probable.
Your fridge/freezer probably already has some firmware to regulate the currently set temperature and control the quick freeze cycle or the defrost cycle - but as it doesn't have to support TCP/IP, then the firmware size is small - of the order of 10's of K, so the chance of error is reduced.
I'm curious now: If the power went out in the middle of the night, would you get up and check the fuses to work out what had blown, so that you could turn the freezer back on?
Some Qualcomm QCP phones will let you spy on other people's SMS messages if you send a SMS to yourself full of high-bit characters. This was working with Bell Titanic's email-to-SMS gateway a few months back, not sure about now. It was kind of weird to get people's backup failure notices, NOCOL errors, and Oracle alerts though.
Some characters at the beginning of the message seem to have a special meaning for Nokia phones. A friend of mine sent ascii graph chistmas greetings, but most Nokia phone owners didn't see them, because the message begun with asterisk, which seems to indicate that a control sequence begins.
sigh
Sorry no link but... I once read about a bug with the Nokia 6190 where if you shorted a couple of pins on the bottom of the phone, the display would go blank untl you turned it off or reset it.
Anyways, the implication of this was that you could set it on silent, no vibrate, auto-answer, nuke the display and then leave it somewhere close to sensitive discussions. Just call your phone and listen away.
when trying to make it easier to use (Microsoft all over). I'm fairly confident that this can't be caused by a normal SMS-msg with "normal" text (unless those Nokia engineers pulled it off -again-). Nokia phones can be configured using SMS-messages. Take Nokia WAP phones for example. They can be configured for WAP operation by receiveing an SMS message from your operator. Non-WAP Nokia phones also have similar functionality. Sending a malformed "config" msg might be what is causing this. Anyway, big deal. Nokia is a "designer" phone. Nice looks. Geeks in Scandinavia go for Ericsson (yes, I know they've fucked up in the past, but at least not as bad as Nokia this time :)
What it means is that in North America there is not the infrastructure for digital phones to be always on the digital service. Dual band phones in North America might mean Digital and Analogue, but Dual Band phones in the rest of the world mean two different carrier band frequencies. I think this answers points (1) and (2) as well.
Analogue works because the infrastructure is there. Once the infrastucture is there, digital is MUCH preferable to Analogue, and I say this having been on a digital service for four years now in Europe, and when having to deal with the hiss and crackle of a analogue service both when in Canada and the States, it really annoyed me.
As for the hacking, no it cannot happen on AMPS, but then of course with a cheap scanner, anyone can listen in on your calls.
All this new-fangled technology, it will never last!! End sarcasm.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Yup .. for example you can make the 9110 do funny things by sending it certain 'smart messaging v2' messages, like:
:(
- the communicator-side changes to mail-application without *any* sign of a received SMS
- same message but tell the phone you got a million new mails -> it'll eventually crash
..to name a couple but actually there's no need to do any special tricks to crash the thing it'll do it eventually anyway by itself
I guess he means Internet Access hooked up directly to the computer in a car. There was an article in 2600 about the Cadillac Evoq and Internet access in cars. It really is a moronic idea. Of course, my equally moronic Driver's Ed teacher was talking about how useful it would be.
Yeah, we have already begged the question
of what is it going to be like in another five
years when these devices are dominate in the
market.
When you have a chance to start from a clean
slate why isn't it done right the first time?
The answer is really simple, when you are rushing
to get something finished in a not so timely
manner... usually tests are done for the output
or operation that you expect to recieve.
You keep hacking until it starts coming out the
way it should. Security is usually an after
thought.
Everything seems to ship broken... and companies
only make repairation if it ends up costing
enough money to make it cheaper to fix.
How many of us get paid any more if their
applications are just a little higher quality
or more secure then the next guy. Management
watches time tables... always have and always
will. Until companies start changing, we are
going to see more of these incidencies.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
naah the T38m with bluetooth wireless headset kicks some serious ass.... ..now if they'd release it in the states i'd save myself the airfare...
This communication is secured using Rot-26 Encryption Algorithm, Unauthorized decryption will be subject to laughter.
...just another ignorant idiot...
cya
YerMaster
You're addicted to the net when
- You call 911 when your ISP goes down
How many people outside of Japan know about the guy who set up a WAP home page that redirected the viewer's phone to 110 (the Japanese phone number for emergency services)? They got 5500 false calls in three months around the country from idiots viewing the page. The guy who made it was arrested the other day for interfering with official services.
Now imagine that as a phone virus...
At my company, at least, security and reliability were not high priority issues. First priority was anything that might be visible to the chiefs (high executives of the company) in their use of the phones ("The CEO can't get his messages?!? Get the whole team on it right away!!!"). Second priority was marketing, which generally meant sweeping problems under the rug.
I shudder to think that anyone could be relying on these devices for important, live-and-death issues. They're considerably less reliable than, say, your typical accursed ISP. Don't depend on them!
"Remotely triggered runtime error" RTRE. there we have it.
Looking for people to chat about multicopters, coding, music. skype: gtsiros
SMS is hardly the only way to lock up your GSM
Indeed not. You can permanantly destroy many GSM mobiles (including the SIM card) just by repeatedly hitting them with a sledgehammer.
Yes, that was a joke.
Michael
...another comment from Michael Tandy.
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
> (I believe its called a smurf attack)
No, a smurf attack consisits of sending and ICMP Echo packet to the bradcast address of a subnet who still allows that sort of thing, but the trick is, you spoofed the source IP in the IP header, so every host on that subnet sends an ICMP Echo Response packet to the spoofed source IP (your target). This has the benefit of multiplying you outgoung datastream by the number of hosts on the subnet you are bouncing from. it allows you to flood the target with much more bandwidth than you have available to you.
That is a smurf attack, emailing a Cell Phone does not count.
A phone hanging is one thing, but what if it were permantly locked? I've recently played around my 7110 and successfully unlocked the simlock (to allow it to use other networks' SIM cards). Now, the scary thing is that a logical extension is that if I were to leave my IR active, it would be quite straightforward for anyone with a laptop nearby to lock the phone so that it won't work my my SIM (or any SIM for that matter)... now that's a scary thought.
Karma makes sense. It makes a lot more sense if you add reincarnation.
It seems to me that the real money is in security. As more devices gain IPs, as more people own cell phones, as more people (and countries) rely on the Internet, security becomes a major issue.
It's scary to think that World War III could be some hacker dismantling America's computer systems, and suddenly we're stuck with very little. I'm quite surprised we haven't focused even more on security.
Now, even my cell phone is at risk. Do you honestly think I'm going to go ahead and submit credit card information over the Internet just yet?
Luckily, this isn't burglary. On the Internet, things are a bit more easily tracked I would think. Security isn't difficult -- precautions aren't hard to fathom. Therefore, it is any company's responsibility to consider this before netting their devices.
I just think it's scary. We're so dependant one these things. But it's no less frightening then the first cars and the chance of getting hit, or even the first horses and stepping in sh*t. (that rhymed)
My point is: this is all necessary and wonderful, but let's just be very, very careful. Hopefully Congress will get moving and other countries will too.
The next comment I write will be ready soon, but subscribers can beat the rush and see it early!
Exactly the same thing happens (or happened, until I got the firmware upgraded) to my Nokia 6150.. only happened with Quios SMS though, I couldn't read them when they came in, they'd lock up the phone.. so I'd remove/replace the battery, and then they were fine.
I have a 7110 and occasionally use it for WAP - I would use it more, but about 1/3 of all pages I browse, including some portal sites, just can't be displayed. So calling this a good browser is rather an exaggeration, though it may well be better than the others you tested.
Flamebait?! Come on moderators, you could at least mark it "offtopic", or "not funny" or something!
Does someone got any examples how to do this ??
At least now when I don't answer my boss I'll have a good excuse...
But that reminds me of a funny story. A very long time ago, I was working with an engineer who'd come out of the auto industry. I asked him when we would see ABS brakes in actual consumer cars. He told me he would never drive a car that relied on (possibly buggy) software to stop. "It brings a whole new meaning to the halting problem!"
And just HOW does Nextel work so damn well? I think it's somehow magically enchanted.
Blue Neon - quite possibly the perfect semi-caffiene-inspired online comic.
Actually... ;)
;)
;)
Yes, some of the TCP/IP stacks for DOS have some well-known issues... Especially buffer overflows.
Nowadays, they're rare indeed as most internet apps are linked against Watt-32 (the successor to WatTcp). Since it's still actively developed, any DoS attacks can be fixed in the library source and the app can be relinked. Just like on *nix..
And, please... NO DOS IS DEAD EMAILS... Thanks... I get enough of it IRL, don't need it from here too...
--Matt
My off-the-wall opinions are just that: mine. (Replace uppercase with correct symbols to get real email addy.)
My uncle Joe (in-law, actually) felt the same way. Despite living in the Bay area, so close to Silicon Valley, he won't use telephones or watch TV.
Hmmm... come to think of it, just look how dependent everyone seems to have gotten upon those hi-tech "wheel" doo-hickies. Just look at those tire recalls!
Point is, *any* technology at *any* level may have flaws.
This is already second time this happens to Nokia. My roommate's Nokia 5110 had originally buggy firmware (which he later upgraded for obvious reasons...) which locked the phone if someone sent him an SMS-message with 160 dots. The phone locked up completely, only removing the battery brought it back to life.
This is just the latest in a string of stories that have come out recently about the lack of security with WAP. Anyone remember the stir that Timofonica caused a few months back? How bad is WAP as a protocol in terms of its provision for security?
Uhm, I guess he meant the Zuse I, 'cause that was invented in a country captured by the Merkins (with Allied allies and Russia) which makes is a merkin invention in the eyes of every Merkin.
One other explanation would be that the comment was written by Al Gore.
---
---
"Multiple exclamation marks are a sure sign of a sick mind." (Terry Pratchett)
Come on, you can crash your 7110 by ANSWERING to a incoming call, or at least by hanging up. My 7110 crashes regularly ~2-3 per week, usually when i close the lid to end the call. I don't even use WAP (cuz it sux even worse;)
This is the place where you write something that will make you seem like a complete idiot.
Jacco /var/log
---
# cd
-------
Warning: Slashdot may contain traces of nuts.
I get fed up with people who want to web-enable everything in your entire house.
Well, maybe you're not really into this big brother thing. Some guy overhere in The Netherlands is however so interested in it that he web-enabled his entire house including his frigde and his recylce bin.
---
---
"Multiple exclamation marks are a sure sign of a sick mind." (Terry Pratchett)
Must your desktop computer be online at all times? Must it have zero down time? If not, please give me your IP address, and a vulnerability which causes you to do a full reset on your computer. I'll write an appropriate exploit.
Here's how to turn it into a true DoS.
while(1){crashPhone();
sleep(120);
}
Now as you were noting about this not being a DoS attack, could you please give me your Nokia phone's SMS e-mail gateway address?
----------------------------
it was pretty easy to do with the old 5110 and afair some of the 6110. You just had to send a SMS Message filled with dots to the phone you wanted to crash. Scary, isn't it.
Fortunately though, most people with the skills to cause such hassles also realize that it's just plain dumb to do such things.
----------------------------
wait, wait wait... it's not a DoS attack, yet it DENIES you SERVICE? What exactly *would* you call it then?
Finland-based Nokia said that it was already in contact with Web2Wap, but that Nokia, the world's largest mobile phone maker, had itself never experienced such problems in the past.
That is not true.
Sending a message with 160 chars of '.' in it to older 5110 models caused them to lock up too. I've heard that this was an easter-egg deliberately made by some coder (though I'm not sure is this true or just another urban legend). The newer models don't have the bug (eg. mine doesn't - version 05.07 20-11-98 (you can see the version by typing *#0000#)).
Furthermore, this article (only Finnish, sorry) says that in some cases the SMS also destroyed the SIM-card (no specifics mentioned).
The article also mentions that Web2Wap has contacted Nokia and Nokia experts will meet with them Wednesday, but Nokia denies getting any contact requests. Typical.
I doubt, therefore I may be.
Many of the early crackers were phone phreaks. Looks like we've come full circle.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
That is wrong. That phone has a really flawed protocol stack, ICMP echo implementation is totally broken. The 7110 has a much better protocol and browser, than both r320 and Motorola Talkabout.
If you sere wondering why you can't use your Ericsson with halfof the existing Wap gateways, well, now you know.
Sigged!
Its not on their biggest list of priorities when the linux user base is like 5-10%. Of course the interface is going to be complicated, how the hell can you type 26 letters with a 12 button keypad?
Only the State obtains its revenue by coercion. - Murray Rothbard
The "virus" was already denied. Web2Wap was unable to show it to Nokia. The only link I have is in Czech, here.
Ok so I bought the 7110e, not because it was wap enabled but because the Ir and Modem funtions melded well with my Handspring and Vaio Ir/Modem requirements. So there Iam a happy little geekoid coding, surfing and using my technology when suddenly my 7110 just locks the hell up... This occurs several days in a row and when I speak to Orange technical support they say they are aware of the 'fault' and that I need a Sw upgrade.... Since when did I buy a Microsoft product ? so anyway I have the latest version of the Nokia sw and still Isuffer occasional faults that are exactly like DoS.
Question:
As a monthly paying subscriber locked into a phone contract for a product that is clearly unsuitable for commercial use. ( read that I am self employed) who do I approach for compensation ?
Oh well thanks for the news Im off to inform a few people of the issues.
And thats why Firecrackers and kittens don't mix.
Want do DoS your friend's Nokia 7110? Just send him a calendar note from Nokia 6110 via a SMS. The calendar in 7110 will stop showing calendar notes. This works at least with firmware 4.84, I didn't check any other versions.
I wonder if we will live up to buffer overruns in mobiles. :-)
I just tried with my Nokia 8110i, and it worked just fine, no lokups.
Sigged!
...mechanisms
:p
When they wrote the firmware they just made sure that the phone could parse the messages which were sent by another copy of the same program (or a completely standard-compliant version from Ericson, Siemens or whatever).
But they never thought that they would have to handle 3v1l H@x0rs who send messages with fucked up length headers, escape characters or one of the usual other DoS attacks (I don't know anything about SMS, but all protocols kinda look like the other, so I think I can make that assumption)
If I were old enough to remember I coulda sing the "When will they ever learn?" song
Anyway, I'm lame, so yeah
"This town don't feel mine, I'm fast to get away." -Chino
This is how that thing called 'progress' works. Someone comes up with a cool new technology. People come up with hundreds of nifty new gadgets and applications for that technology. Those gadgets and applications that people want to use become household items. Those gadgets that people don't want to use show up in fifty years time as jokes in TV shows.
Go back and look at all the stupid ideas people had when they first came up with that "electricity" thing. Think of the wacky ideas people had about how radio and television could be used. Think of the fact that only about one in twenty high-tech startups survive.
The trick, however, is that it's nearly impossible to tell before the fact which gadgets will be wanted, and which will not. Some things that are really good ideas will tank because it was released in the wrong place at the wrong time. Some things that we all think are stupid will turn into the next big craze in consumer electronics. So the only logical thing to do is to produce all of them, and let Darwin sort them out.
We prosper as a society when we allow people to think as wildly as possible, give them enough rope^H^H^Hesources to try their ideas out, take the best, and let the rest drop out.
Charles Miller
--
The more I learn about the Internet, the more amazed I am that it works at all.
For some reason these messages end up being empty when they get to the receiver. Somewhat annoying for those of us that like to use the *s to show action taken. Like: "*knocks head in table*... My bad"
Does anybody know what these messages do anyway? Can I use them to tweak my phone or something?
- the Crazy Fraggle
Imagine, soon we'll have computers in CARS! Now if someone would to DoS them ;-) *CRASH*
What about fridges? Now if someone would h4xx0r my fridge and all my coke would be warm someone would be DEAD! ;-)
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
So what you are really saying is that Microsoft is the world largest producer of DoS?
a) use English b) stop writing bullshit
a) benutze die Englische Sprache b) hör auf scheisse zu schreiben
Also, I've often wondered if a cel.tel could be activated - on the sly - as a surveillance device... i.e. open the microphone in response to a (silent) incoming call/message... it doesn't ring, light up , vibrate or talk... but listens and sends what it hears to an unknown operator.
If not now, then it's just a matter of time...
I'm willing to bet that today's Nokias are more powerful that the PCs of 15 years ago. What kind of security problems will we be seeing from phones in 5 years time?
--- Hot Shot City is particularly good.
Let's see. Did you mean the original Difference Engine (generally considered to be the forefather of the modern computer), invented by Charles Babbage the Brit?
Or did you mean the first electronic computer, Enigma, invented by The Allies during WW2 (i.e. NOT the Americans only)?
Or did you mean the first non-millitary computer, the Manchester Mark 1, invented by the British?
Or did you mean the first affordable Home Computer, invented by Sinclair Research, yet another non-American company?
So, to which particular definition of "invention of the computer" are you referring, Mr Coward?
People should not be afraid of their governments - Governments should be afraid of their people.
Disregard the above, it is a troll. There is no such address and the actual link points... elsewhere.
--
so it's a malformed message that causes the computer to freeze up. big deal. they're already fixing the problem on the server side so that a malformed message can't be routed through the server. and if it happens to you, you simply pop out the battery and pop it back in. oh darn. that's really difficult. it's not a hack. it's not even a DoS attack. it's simply a fuckup. it wouldn't be all that hard for the companies that make the SMS server software to fix the problem. (that's more than I can say for today's companies that get DoS attacks and can't do a damn thing to prevent them)
The 7110 had problems in the early versions of the firmware, but the one shipping the last few months is pretty good. It has the best protocol stack and best browser of the competing Ericsson R320 and Motorola Talkabout. I had to test them all, part of my job. I hope you get your hands on these models so you can compare. Try with several WAP sites, browse around, and decide for yourself.
Check the firmware version of the 7110, 4.80 is already rather good (even though about 6 months old). Type *#0000# to check the version.
BTW, IMHO the Motorola Talkabout has an outright ugly and unfriendly screen. Where on earth has Motorola found such cheap, contrastless LCD screens!?
Sigged!
...ut still, like your PC: it ain't much cool to hit the reset button every time someone sends you an email that hangs your computer, is it?
Thank you
p.s.:the bird_on_penis is extremely hilarious!!!
Looking for people to chat about multicopters, coding, music. skype: gtsiros
SMS is hardly the only way to lock up your GSM, although it is certainly the most accessible. The WAP-capable phones appear to open a whole new can (no, make that a barrel) of worms.
:).
Earlier in the year we were working on a WAP application for a major automibile company. We actually had to put special effort in to ensure that the application *did not* lock up the phones. We tested the app with a number of phones from different manifacturers, including Nokia (I think the model used was 7110). The shocking part was that _almost all_ could be locked up, usually in different ways (which made things all the more frustrating, of course), and the problems occurred even when using the most basic WML. (the design of WML is another interesting discussion topic, but I guess I would have to leave that rant for another time)
A particularly interesting side of all that was that a lot of the ways in which the problems occurred pointed out to possible buffer overflow problems, something that would explain the lockups (one of the most obvious ones was lockups on some phones when the encoded and compressed WML pages, together with the POST data were above a certain size). Given this observation, I have been pondering since then whether those problems are actually exploitable. If they are, that would be majorly cool, or majorly scary, depending on what side of the fence you are on. Pity I don't have the zeal to delve into phone hacking at this point
I get fed up with people who want to web-enable everything in your entire house. They want to put barcode readers in your fridge to tell you when your milk is bad, internet access so the fridge can order more milk for you, heaters/airconditioners that can access the weather forecasts to more efficiently mantain your thermostat, web-enabled robots to feed your pets, even lightbulbs that have built-in TCP/IP support so you can turn them off via the web! Why in the hell would we ever need such silliness? Is it too much trouble to flip a god damn switch!? Who are the geniuses that think these things up?
"Hey, I got an idea! Why don't we make people so lazy that they don't ever have to get out of bed to do anything, and at the same time forget about how totally insecure the technology we are creating is, and thus give all those kiddie h4xxors the ability to spoil peoples' food, freeze them to death, starve their animals to death, and submit them to torturous light shows, all via the anonymity and distance of the internet!"
120 characters isn't enough to explain it.
Get vmware, and keep your uptime intact..
--
"No se rinde el gallo rojo, sólo cuando ya está muerto."
$HOME is where the
-- silver_p
Not only Europe...
Open Source. Closed Minds. We are Slashdot.
There's a way to dos 5110's too... and they'll shut them selves off after looping through the sms a couple of times. :P
I think this is hilarious. Maybe we can use this as some sort of giant DDoS attack against Nokia.
HaXXor's Creed: Your create it, we'll break the shit out of it!
-------------------------------------------------
We have come used to take software as no-warranty (EULAs,...), but we think we have some rights when we buy physical items.
Since phones are more and more software, can we finally reclaim for faulty software?
__
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Just for grins, here's the alta vista translation of this (not that it clears it up much):
To all -- the USA FUCKER -- I do not become loose the impression that your brain is befackt. What want you in these Slashdot? Creeps you gefaelligst into the political or bekloppten groups! Are probably otherwise what? (which??) Moechlich that I think around the topic the USA exactly the same. Perhaps I would like to hang up the responsible persons Zupfer also everything... Concerns however into these Slashdot nobody nix. How does it come only that me with you the Kosewort " schmeissfliege " comes inn heading? Completely unexplainably... Are nevertheless over keinn interpret better than widderliche Spammer. Seiter such, those their opinion by exactly the same force among the people bring wolln? Militant world-better? Importunately, crazy, by verse and bloede exactly like the Regierers and Militers? Habter nix further druff?? Wollter probably everyone, which does not eat your opinion, abknalln (or abfuckn??) Important door. Beschoschissen - creeps you out of unpolitical Shlashdots! Us damischen Kauze are already bad also without you. Only to the information: With Fuck no political problems solve themselves. Hoechstns increases the number fucked of the Peoples (your provenance) thereby. For Wenner no better printouts druffhabt, rather hold the sweet Maeulchen!
No big deal. I have Siemens S10, also known as "the brick", and if a message arrives from www.quios.com onto this phone, the moment you try to read it, the phone shuts down. The same happens if you want to view a saved message from Quios. The only way to read message is to EDIT it instead of VIEWing it.