Slashdot Mirror


DoS Vulnerability On Nokia Phones

Matt_Bennett writes "According to this report from CNN, it is possible to send an SMS (Short Message Service) message to certain Nokia GSM phones, in particular the Nokia 7110, which will cause it to lock up. At this point, they are unsure if it is possible from an email-to-SMS gateway. The phone has to have its battery removed and replaced to return to normal operation." "Sorry I couldn't call you back, my phone was haxx0r3d." We laugh, but as personal electronics get better, we rely on them more... and at the same time, they become more complex: the potential security holes grow. It's kinda creepy.


  1. Re:Anybody know how to do this ?? by Anonymous Coward · · Score: 3

    On Norwegian TV yesterday, they interviewed some Nokia techies finishing up their research on the matter. It seems that this bug can only be recreated with some sort of Nokia development software and equipment. These things are not readily available.

    Next version of this software should solve the issue. A recall of the exploitable phones is not considered.
  2. Re:Stupid and needless technology by quonsar · · Score: 5

    Who are the geniuses that think these things up?

    My guess would be Hanna-Barbera. We're all just bit players in a big Jetsons episode.

    "I will gladly pay you today, sir, and eat up

  3. More SMS fun by drwiii · · Score: 3

    Some Qualcomm QCP phones will let you spy on other people's SMS messages if you send a SMS to yourself full of high-bit characters. This was working with Bell Titanic's email-to-SMS gateway a few months back, not sure about now. It was kind of weird to get people's backup failure notices, NOCOL errors, and Oracle alerts though.

    1. Re:More SMS fun by neitzert · · Score: 3

      heh, you would probably like the Nokia 9110/9000 series phones. There is an application that will allow you to send your phone into diagnostic mode and do some pretty silly things, like triangulate your position between three known transmitter towers, pick and choose local transmitter towers, and a plethora of other fun things. I think it still can be found at http://www.yaws.dk/communicator/ Though you'll need to hack yourself a Nokia cable to make it work... christopher

      --
      This communication is secured using Rot-26 Encryption Algorithm, Unauthorized decryption will be subject to laughter.
  4. Second time... by zyzko · · Score: 4

    This is already the second time this has happened to Nokia. My roommate's Nokia 5110 originally had buggy firmware (which he later upgraded for obvious reasons...) which locked the phone if someone sent him an SMS message with 160 dots. The phone locked up completely, only removing the battery brought it back to life.

  5. Filter at SMS gateway? by Jacco de Leeuw · · Score: 4
    Since an SMS gateway is always required, can't these messages be filtered by the operator?

    Jacco
    ---
    # cd /var/log

    --
    -------
    Warning: Slashdot may contain traces of nuts.
  6. Not true. by plaa · · Score: 3

    Finland-based Nokia said that it was already in contact with Web2Wap, but that Nokia, the world's largest mobile phone maker, had itself never experienced such problems in the past.

    That is not true.

    Sending a message with 160 chars of '.' in it to older 5110 models caused them to lock up too. I've heard that this was an easter egg deliberately made by some coder (though I'm not sure whether this is true or just another urban legend). The newer models don't have the bug (e.g. mine doesn't - version 05.07 20-11-98 (you can see the version by typing *#0000#)).

    Furthermore, this article (only Finnish, sorry) says that in some cases the SMS also destroyed the SIM-card (no specifics mentioned).

    The article also mentions that Web2Wap has contacted Nokia and Nokia experts will meet with them Wednesday, but Nokia denies getting any contact requests. Typical.

    --

    I doubt, therefore I may be.
  7. Re:Stupid and needless technology by carlfish · · Score: 3
    Is it too much trouble to flip a god damn switch!? Who are the geniuses that think these things up?

    This is how that thing called 'progress' works. Someone comes up with a cool new technology. People come up with hundreds of nifty new gadgets and applications for that technology. Those gadgets and applications that people want to use become household items. Those gadgets that people don't want to use show up in fifty years time as jokes in TV shows.

    Go back and look at all the stupid ideas people had when they first came up with that "electricity" thing. Think of the wacky ideas people had about how radio and television could be used. Think of the fact that only about one in twenty high-tech startups survive.

    The trick, however, is that it's nearly impossible to tell before the fact which gadgets will be wanted, and which will not. Some things that are really good ideas will tank because they were released in the wrong place at the wrong time. Some things that we all think are stupid will turn into the next big craze in consumer electronics. So the only logical thing to do is to produce all of them, and let Darwin sort them out.

    We prosper as a society when we allow people to think as wildly as possible, give them enough rope^H^H^Hesources to try their ideas out, take the best, and let the rest drop out.

    Charles Miller


    --
    --
    The more I learn about the Internet, the more amazed I am that it works at all.
  8. Re:Another hole in the WAP protocol? by Ewan · · Score: 3

    This isn't a WAP thing, it's just dodgy software in Nokia phones (they aren't even WAP phones).

    Ewan

  9. The first of many I think by mav[LAG] · · Score: 4
    We never learn. The more complex a system becomes, the more possible paths through that system there are and so the more bugs and potential security holes there are. Placing more and more technology in smaller and smaller places isn't going to be as wonderful as we think unless security is taken seriously from the very very beginning.

    I'm willing to bet that today's Nokias are more powerful than the PCs of 15 years ago. What kind of security problems will we be seeing from phones in 5 years time?

    --
    --- Hot Shot City is particularly good.
  10. malformed message by kootch · · Score: 4

    so it's a malformed message that causes the computer to freeze up. big deal. they're already fixing the problem on the server side so that a malformed message can't be routed through the server. and if it happens to you, you simply pop out the battery and pop it back in. oh darn. that's really difficult. it's not a hack. it's not even a DoS attack. it's simply a fuckup. it wouldn't be all that hard for the companies that make the SMS server software to fix the problem. (that's more than I can say for today's companies that get DoS attacks and can't do a damn thing to prevent them)
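
Added example, not part of any comment in this thread and not any operator's or vendor's code: a sketch of the gateway-side screening raised in comments 5 and 10, covering the message shapes the thread mentions (non-7-bit characters from an email-to-SMS path, and a full-length run of one character such as 160 dots). The 7-bit-only policy, the quarantine verdict and all function names are assumptions; the sample messages are constructed.

```python
# Hypothetical SMS gateway screening (added example; names and policy are assumptions).
# GSM 03.38 default 7-bit alphabet, basic table (the ESC code itself is excluded).
GSM7_BASIC = set(
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
GSM7_EXTENDED = set("^{}\\[~]|€")  # extension table: escape + char = 2 septets
MAX_SEPTETS = 160                  # capacity of a single-part 7-bit SMS


def septet_length(text):
    """Return the 7-bit encoded length of text, or None if it is not encodable."""
    total = 0
    for ch in text:
        if ch in GSM7_BASIC:
            total += 1
        elif ch in GSM7_EXTENDED:
            total += 2
        else:
            return None  # e.g. high-bit bytes passed through from e-mail
    return total


def screen_message(text):
    """Return (verdict, reason); quarantined messages are held for review, not routed."""
    n = septet_length(text)
    if n is None:
        return ("quarantine", "character outside GSM 7-bit alphabet")
    if n > MAX_SEPTETS:
        return ("quarantine", "body longer than 160 septets")
    if n == MAX_SEPTETS and len(set(text)) == 1:
        # Degenerate payload reported in the thread for old 5110 firmware.
        return ("quarantine", "full-length run of one character")
    return ("accept", "ok")


# Constructed sample traffic, as an email-to-SMS gateway might receive it.
SAMPLES = ["Meet at 5pm?", "." * 160, "." * 159, "backup failed \xff\xfe", "a" * 161]


def screen_samples():
    """Screen the constructed samples and return the list of verdicts."""
    return [screen_message(m)[0] for m in SAMPLES]


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLES, screen_samples()):
        print(f"{verdict:10} {msg[:24]!r}")
```
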

  11. WAP-related lockups by Mindbridge · · Score: 3

    SMS is hardly the only way to lock up your GSM, although it is certainly the most accessible. The WAP-capable phones appear to open a whole new can (no, make that a barrel) of worms.

    Earlier in the year we were working on a WAP application for a major automobile company. We actually had to put special effort in to ensure that the application *did not* lock up the phones. We tested the app with a number of phones from different manufacturers, including Nokia (I think the model used was 7110). The shocking part was that _almost all_ could be locked up, usually in different ways (which made things all the more frustrating, of course), and the problems occurred even when using the most basic WML. (the design of WML is another interesting discussion topic, but I guess I would have to leave that rant for another time)

    A particularly interesting side of all that was that a lot of the ways in which the problems occurred pointed to possible buffer overflow problems, something that would explain the lockups (one of the most obvious ones was lockups on some phones when the encoded and compressed WML pages, together with the POST data, were above a certain size). Given this observation, I have been pondering since then whether those problems are actually exploitable. If they are, that would be majorly cool, or majorly scary, depending on what side of the fence you are on. Pity I don't have the zeal to delve into phone hacking at this point :).