Slashdot Mirror
Crashing A Nokia Phone Via SMS
Atryn writes "An article at the Register reports that a recent Black Hat conference presenter demonstrated how to crash Nokia cell phones using malformed headers in SMS messaging protocols. Though the SIM card can be recovered by moving to a new phone, this is perhaps an interesting preview of security issues as data goes wireless." Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue. *grin*
Oh, and first p0st0rz. I rule, yo!
I remeber the days when a phone was actually used to call with, damn i feel old now...
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
Isn't this extremely old news?
-- If no truths are spoken then no lies can hide --
Now the *truly* malicious can set out to infect 911 with a virus that attacks the phone of callers . . .
hawk, who now sees that touch-tone was a slippery slope and should have been stopped
Is it at all possible to have any sort of technology without assholes coming along and ruining it for everyone?
once the nokia Netbsd port is done, we'll be able to protect our phones using ipf (or maybe even a pf port, if the ipf license still isn't to your liking) and should be fine.
-f
www.blackant.net
Being eight years behind the curve has its advantages.....like not being susceptible to this!
It's like using a KPro for your primary workstation, it's so old that no one will spending a lot of time finding new ways to crack it. And if they do, that's ummm, *really* pathetic.
I just got back from India and Europe and am thoroughly embarrassed by our government's and wireless carriers' inability to play ball with the rest of the world. At least AT&T finally got the clue, I hope.
This talks about crashing a phone via SMS, but what about devices on CDPD or GPRS like those road signs or weather telemetry, or even electric meters in some locales. That's not only on the wireless network but on the IP network. Has anyone tried to muck with those devices yet? On most CDPD and GPRS plans the customer pays for each byte transmitted, what if someone just streams data towards a customer to run up their bill?
It's time to code firewalls and applicative filtering proxies for mobile phones...
{{.sig}}
So I guess the HandSpring Visor GSM phone I have with GSM service via Voicestream dosen't exist???
So many high schoolers have these; imagine what some disgruntled kid could do now!
I thought nokia phones already shipped worms out-of-the-box.
Europe is ahead of the Us because they have a standard system. However the US has several systems which have features that are better than what Europe has. CDMA is a better standard than GMS overall, and there are others, which gives each a trial by fire. The best can then be combined into something that works. Generation 3 cell phones (if they ever make it) have been heavially influenced by what worked and didn't work in the US. If everyone was GSM like Europe is, then generation 3 would not be as good as it is.
Remember standardise early, but not too early.
I won't argue when you say it is convient to have one standard, but in real life most of the US has just as good of coverage as Europe. Sure there is only one provider, but who cares if the phone works? Get out from the major cities and there is no service, but a single GSM standard would't help much. Population densities are very low in the US, to there day there are many miles where there is no coverage on any system. (Unless there is a satalite system now)
Hey, look! a Grey Screen of Death!
(considering most have mono displays, correct?).
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
For the first time, hackers can kill. Considering the number of people who use their cell phones while driving, a random "crash" (what a terrible pun) while trying to send email or view stock quotes while driving should be enough to push a few drivers "over the edge".
The good news is that if terrorists intend to use such "crash" attempts to crash cars or other vehicles, we at least have new legislation to stop them.
If guns kill people, then CmdrTaco's keyboard misspells words.
Great, extrapolate this and my year 2050 toaster will crash on me because of some untested path in the 5M lines of code it will contain. I'll say "back in my days toasters didn't crash because of malformed headers in messaging protocols", and my grand-sons won't beleive me.
what a Beowulf cluster of Nokias could do!
[US] wireless services are about eight years behind the curve
Those who implement later can implement newer standards w/out obsoleting(and thus pissing off) all the existing users of the cellphone network.
when all you need to do is throw the phone to the pavment?
I am the Alpha and the Omega-3
But the alternative (in the US) is f*cking advertisers sending phones messages when they're in the vicinity of certian stores.
Anyone remember reading about the test of this little "technology" in Boulder CO (of all places)? The advertiser was "very pleased" with the number of people who READ the ad.
Great, so they can trace who read the &^$%*& things as well. I think my Sprint phone gets 100 free text messages before I have to start _paying_. Which is great - the recipient gets to pay to be spammed...
Computer Science is Applied Philosophy
In small heavily populated areas like europe its easy to change out a dozen towers that blanket the whole country. Compare that to the US where everything is sprawled out.
Only the State obtains its revenue by coercion. - Murray Rothbard
Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue.
Security through Inertia. Hmm...
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I mean, look at this logo on a nokia phone. As soon as you see this logo on a phone, you know trouble is coming. I think it is some sort of curse :)
Btw, if you actually want this logo, go here.
XML is like violence. If it doesn't solve the problem, use more.
If I could get one of those big old 80s-early 90s cell phones (like the one that kid had in saved by the bell), I would use it. I don't need no stinkin' text-messaging WAP shit on my phone.
-----BEGIN PGP MESSAGE-----
9 dT DhBAXdbTL9Ujhf
1 y5 BeyULii5VIEiFo
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Password is "iacbtinfm"
jA0EAwMCv40xjZ0E69BgyWaTGoaWMos40i4ka+Z3N4WcbgY
oFdJGGlmPysuEsnIw8QymV0GDpqvwspj6zXsJZzv6gsI1ix
2MShQHww9x1hUV+ODttaq67bSGuf3Ds=
=Jwji
-----END PGP MESSAGE-----
Hi Slashdotters,
We here at Slashdot would like to advise you to use the following format when submitting bug-related stories.
"Crashing a [product] with [method used to crash it]"
"An article at [source] reports that [security expert] demonstrated how to crash [product] using [Pick one: buffer overflow; malformed headers; Javascript]." [insert wizened statement about how this will affect future direction of products in this category] [attach silly remarks by Slashdot writer like "Well, that's why I use [competing product]!"]
Also, please use the following template when replying:
"Those @(#&@! bastards! Who do they think they are, making [product] so buggy! Why do they have to include [useless feature that no one wants/uses anyway]?? I'll never use a [company] [product] again! Please, fellow Slashdotters, I urge you to boycott [company]!"
This will save us a lot of time and moderation points.
Thank you,
The Slashdot Team
This is exactly why these new phone PDAs worry me. You've only got to have a copy of Outlook Express running and your phone will call everyone in your Address Book or send them frisky messages.
Though my grandma might like to receive 'How are you sexy legs?', I'm not sure my boss would be quite as accepting.. (and if he is, I should quit)
mogorific carpentry experiments
... i could find some code to test this out?
As far as I'm concerned this shouldn't even be an issue with Cell phones. I think that phones should be kept phones. If someone is really that interested in portable web. Then use a PDA.
Yes, I'll be one of the first to admit that cell phones are wonderfull. But I use mine as a phone. Not a game consol, not as a web browser, or day planner... And yes, I think PDA's are good for a day planner, and even limited web browsing and gaming. But really, do we need to be playing Doom, or the latest, greatest, Quake game on our cell phones? Do you really need to use Yahoo! after getting talking with your mother from the bus?
For me, there is such a thing as too many features. Web browsers on cell phones is one such case.
-- Never monkey with another Monkey's monkey
Only an american can claim not to have created custom SMS messages and crashed phones with them.
I and many of my friends have accidentally created such SMS messages while debugging SMS gateway products. It doesn't even require real attempt to do so.
At least Nokia, Ericsson, Motorola and Siemens models crash easily, and even two latter of those are jokes anyway. Some crash badly enough to require service repair.
"This phone has performed an illegal operation and will be shut down...if the problem persists, please call the vendor"....
Hahahahahaha...{sniff}....hehehe.
What is with the Grey screen of death comment being modded as overrated?
Geez, you'd think you would have to be rated first.
Maybe that should be submitted as a bug?
You can't fix the moderators who do that kind of stuff (maybe spayed or neutered) but can you fix the system?
Oh, well, don't worry, be happy..la la laaa
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
I have already discovered a bug in the old and rather basic nokia 3210 [see below]. I can't imagine how many of these there will be in a more complex phone like the nokia 7650. A sms worm anyone ?
I think some bugs are inevitable but I hope the developers will pay more attention to the the sofware they design than Bill Gates did in the early PC years - and even in the not early years ! And those new combined phone/pockeptPC will be fun to hack I bet.
But I don't think the users are ready to accept too many bugs in a mobile phone/pda like they did with the windows OS.
Responsability is not only on the shoulders of developers. A friend of mine crashed his visor and lost all the data he had difficultly typed in. He had no backup ! So there will be a lot of work to make the users more aware of security concerns about the digital tools.
I hope the laws will also be appropriate to this new digital era. No way am I gonna tolerate sms spam !
The nokia 3210 bug :
When you type a message, then want to send it but go back to the typing screen before entering the phone number of the recipient, the T9 completion system is messed up : if you want to change a word, it doesn't use the one you have selected.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
how lame is this:
Once the message is received it is impossible to turn on an infected phone again.
what kind of design went into this product? is there no way to force a hard-reboot of the phone or something similar, to reset it? what about detaching the battery briefly, etc??
it would really suck to have this happen while on a business trip or something and have to run by the nearest Nokia store to exchange your phone for another, or have it unfrozen or whatnot. and i'm sure Nokia would just exchange/fix the phone for free (not)... they'd probably require that you mail it in to them and wait 4-6 weeks to get it back, finally fixed.
--w
E V E R Y T H I N G I W R I T E I S F A L S E
... that makes me happy I don't own one of those fancy new cellular phones.
Look a monkey!
I wonder why it is so expensive. I have an SMS phone with VoiceStream. I get 500 messages for $5 a month (a penny a message for the math impaired), and no daily limit. I receive weather report and news headlines every day (6 messages daily), and use the AIM-to-SMS gateway all the time. 3 a day would suck.
Those farking bastards! Who do they think they are, making Nokia phones so buggy! Why do they have to include Web access that no one wants/uses anyway?? I'll never use a Nokia phone again! Please, fellow Slashdotters, I urge you to boycott Nokia!
This one just needs a standard phone, but it's even easier to find DoS attacks against WAP phones.
Interestingly enough I have found the Microsoft browser to be less prone to crash than all the others I've tried. (But no, I still don't know why anyone would want a web browser on a (2G) cellphone.)
Yep, my phone came free with my service. Didn't pay a dime. No, it doesn't play Fur Elise or the William Tell Overature, no it doesn't have calendering, no it doesn't have games, no it isn't internet ready, no doesn't do text messaging, and no, it doesn't crash.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
GM and others are looking into intelligent cars. Currently a kid might drop rocks on your car from an overpass, soon they'll just sit at home and hack away until they see all the traffic stop.
Bring back the old tin cans connected by string I say...
I once crashed my friend's Alcatel One Touch Easy by flooding his phone from mtnsms.com...
Nevrar
You do not seem to realize the success that sms has in Europe. If we follow you, why send an email when you can call the person on a phone ? Ridiculous. I am not an avid sms user but I see it can be useful in many situations :
- If you cannot talk or do not want to talk, in a lecture for example, you can still type.
- If you want to send a phone number or a complex address, it is easier for the receiver to read it than to have to write it when you talk.
- You can reuse the same message as many times as you want.
- You can type a message and send it later.
- If the network is poor and audio not working, sms still works. (I only use sms with why brother, the antenna of his phone is broken). It even saved a man's life in England.
- With sms, you can see the number of the sender and ignore it.
- you can receive personal news and services that way.
- you can have your email forwarded etc.
- etc.
Finally if you find a place where 802.11b works everywhere with phones as cheap as current ones, I will go live there !
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
how is this a troll? please, if you can't mod well, then just mod up...
A: None. The Universe spins the bulb, and the Zen master merely stays out of the way.
I work for at a dealer for a national cell carrier here in Canada (Telus). We use CDMA. All of our digital phones have had the capacity for two way text messages for well over a year. The network just hasnt implemented it. One way (PC to Phone) SMS has worked fine for almost two years.
I pay 15 dollars per month for web access, but it is UNLIMITED usage and I can use AIM for chatting to all my friends that I con into installing AIM so I am not so bored on the transit ride home. It's great. I just wish Nokia had a plug in keyboard for my 6185.
Bell Canada, Telus, and Rogers-AT&T have actually recently made an agreement to allow full two way text messaging across their networks. So..Canada at least isnt 8 years behind.
Last time I checked the UK is in Europe, and I know of no network in the UK where you pay per call, when roaming in France, Spain, Portugal and Greece I have also always payed per minute. Where did this idea we pay per call come from?
Is this new? I have seen this happen a lot, and not just with nokia. The special characters from phillip's phones can crash quite a few phones. Alcatel seem to be one of the worst for crashing. Some phones seem to be fine, but an't delete the message from the sms through to the phone not working till the message is deleted from the sms on another phone.
My 7110 is easy to lock up. I got it just after it was released so maybe is should get a software update for it..
1) Connecting to any wap service.
Same bug always, requires removal of the battery. After that it works fine. It always happens the first time I try to connect it when I haven't used it in a while(only uses it to show to people why it suck)
2) Using the IR connector, requires reboot to make it work again.
Using the phone to dial up to the company ppp pool. It drops the connection after 5 minutes. Yes, I know it is slow but when staying in a boring hotel room in a boring city, slashdot at 9600 baud(i'd say it performs like 2300) ain't that bad.
Also trying to sync my palm using the IR requires a reboot the next time I want to use it.
3) Impossible to talk for a long time while driving, even using the handsfree kit with external antenna. When it have to switch bands while talking, always drops the connection. But I guess that is the phonecompany's fault.
It is fairly widely available in urban areas.
Interface-wise most CDPD adapters seem to act as network cards; IBM at least also made a CDPD modem that actually had a modem interface, but it was fairly large.
fencepost
just a little off
You can't use a Sprint phone on the Verizon network can you?
Yes, if I'm willing to pay the ridiculous roaming fees. And don't even get me started on the "additional minutes" fees.
My Sprint plan costs $40 for the first 2500 minutes, and $1000 for the next 2500. No, that third 0 is not a typo.
Oh, and did I mention that when you check how many minutes you've used, everything except your final bill is just an "estimate", and probably an underestimate designed to lure you into a $6, 15 minute phone call when you don't realize you've gone over? Bastards.
Okay, I'm done ranting now.
Yes, you *can* use a Sprint phone on the VZW network (sort of). The difference is this:
CDMA (as Bell Atlantic Mobile implemented it) runs on 800mhz.
PCS (As Sprint & other parts of the now-VZW implemented it) runs on 1900mhz.
The new VZW phones that are "Tri-Mode" run on Analog, CDMA/800 and CDMA/1900. It's the same stuff, just a different frequency.
So yes, they're interoperable (sort of!) If there's no PCS service in your area, you're screwed trying to use a Sprint phone in a VZW area. A VZW area in a non-PCS area, however, tries CDMA/800. If that doesn't work, then it drops down to analog. There's almost _always_ analog service (in fact, I've never been completely without service anywhere in the US!)
--NBVB
Paying per call would actually be pretty cool, as you wouldn't have to care about how long you talk.. Actually, in Germany (and most other European countries) you pay per minute or per second. Average charge per minute is between US cent 10 and 90 depending on your plan. Charging per second can actually be much cheaper if you don't talk to long (naturally)
2001-11-29 15:40:51 simple SMS kills cell phones (articles,security) (rejected)
sorry, I know that someone is going to mod me down for this... BUT THAT IS NOT FAIR!!!
If someone with the same expierence reads this please reply or tell me about your unfair rejection by email me(at)sluggie.org.
Thanks!
sluggie out.
That guy has disclosed a circunvention device to break one of our "top secret" products. Let's create a RIAA (based on phone companies) and bring the guy to court!
... WE GOT YOU!
Maybe he will face up to 25 years!
But, hey! wait...
Soon all the devices will have the enforced SSSCA so no need for that. The big companies will control every single piece of hardware and using the DMCA it will be ilegal to try to hack it... so
Start praying.
NokiaMan
GSM's encryption is crackable real-time using COTS
/. keeps posting about and you drool all over ;-). And I don't have to notify my provider that I got a new phone and need to have my number transfered to the new one.
c) A mobile system I can use all over the world (US excluded) with the same ease I enjoy at home without any modifications to my phone or SIM card.
Everything is COTS if you have enough money, just under 10thousand still is quite a bit of money to spend on a single scanning device (for an individual that is). And then you have to crack the message itself which requires you to pick up a distinct call.
Billing per-minute still sucks, but sucks much less than per CALL
Paying per call is a term I'm not familiar with, we mostly pay per minute here in Europe (per second in my country actually, after the first 10 seconds).
Coverage is good.
My coverage is excellent here too. If there is a paved road in my country, I can use my GSM there, and some gravel roads as well. Did I mention I can take a trip around my country and still have coverage? No, I don't live in Holland or Denmark, I live in Iceland which is not quite known for its population density. And in case you're even dreaming about coming up with the argument "you're so few, you don't need to cover as many people as we do" I surely needn't remind you that transmitters and relays for GSM may be cheap but not THAT cheap (there are only 280 thousand of us you know). Plus I can take my phone to almost every country in the world (the US not included) and make calls and receive them just as I do back home. Plus I usually get to choose between different providers.
KISS. Keep It Simple, Stupid. I don't want SMS on my phone
SMS is Simple Stupid! And if you don't want sms on your phone don't open them! Don't want to send an SMS, don't send it then! Feel bothered by the phone ringing (which I hear you pay for, that's stupid, paying for incoming calls that is), don't answer it, or better yet, turn the bell off, or turn the phone off! Nobody's forcing you to use the phone. As for building 802.11b everywhere, that's
a) a whole lot more expensive
b) even more pointless, I don't feel like lugging my ThinkPad all over the place.
c) Prone to hacking too you know!!! (thus nulling your argument that GSM is fundamentally broken).
As for SMS, it really is a nice communications medium if you just want to send a quick message without going through the usual formalities. Instead of
"Hi, how are you doing, fine me too, listen I'm going to be a bit late for that meeting so blablabla"
You can send a quick SMS with the message
"Hi, sorry, I'm going to be a bit late for the meeting".
Now, with GSM I also get the following benefits: a) A choice between many providers b) A choice between a wide range of phones, the ones that
Now, your point FOR CDMA was again?
That's why you don't use email, and just call people, right? And all these instant messaging (ICQ, AIM, etc.)... Who needs that, if you can just call all the people? Man, why didn't you tell us before? We would have never used this stupid SMS-stuff, if we just had known...
Oh wait, the reason European users won't do that is because they pay PER CALL.
??? Ever been to europe? Every provider I know of, charges per minute. Actually it's often cheaper to speak for 1-2 minutes than to send an SMS (which is somehow ridiculous...).
SMS is surely not the most efficient form of communication, but often it's really convenient. It's pretty much as useful as all the instant-messaging services which are so popular right now, only that you can use it whereever you are...
1) CDMA works. TDMA and GSM are fundamentally broken. GSM's encryption is crackable real-time using COTS hardware. CDMA's isn't (yet).
That's why AT&T and co. would never switch to GSM, right? CDMA may be the more sophisticated technology but GSM just works. Everywhere...
2) Billing per-minute still sucks, but sucks much less than per CALL. Most calls are less than 2 minutes, so you don't get raided too bad in the US. And besides, roaming charges are quickly becoming a thing of the past, and now most providers are including bucketfuls of minutes, even in their cheap plans...
See above. What about paying for incoming calls/messages? Another thing often forgotten in price-comparisions US-Europe, is the base fee, charged every month. It's usually much higher in the US.
3) Coverage is good. I have no problem making a call no matter where I go (my provider is VZW).
I had a very different experience in the US. And judging from the other comments I'm not the only one...
4) KISS. Keep It Simple, Stupid. I don't want SMS on my phone. Don't want spinning 3-d wingdings. Don't want to read my email from the phone.
So, what? I want all that stuff. I use SMS, I get my email to the phone and I actually use WAP (over GPRS). And most of the people I know do so, too. And now?
If I want to read my email wirelessly, then build me an 802.11b network everywhere. Don't make me do it from a phone!!
Yes, I'm dreaming of stuffing my laptop in my pockets, too... Show me the technology, that puts 802.11b-receivers in cell phones without running out of battery too fast. Then show me how to deploy it for nationwide coverage. And finally show me how to make it scale to the user numbers of cell-phone systems.
Summary: Just because you think phone-messaging is stupid doesn't mean, everybody feels that way. And judging from the user numbers in europe and especially asia, a lot of people do seem to like SMS...
hmm im pretty sure thats what the local 911 service uses to connect all police and emergency vehicles to their whole network..
London status symbols undoubtably contributed to the popularity of mobile phones (that's what we call 'em ;-) but far more important is the pricing model used in the UK (and throughout most of Europe, I imagine).
:-)
We use "callING party pays", and the US uses "callED party pays".
So we don't ever pay for incoming calls (unless we go to another country) because the person calling you takes the cost hit (we have different number ranges to distinguish landlines from mobiles from porn from freephone, etc).
This encourages uptake because for the user, the initial cost to run is very little - that's the incentive to buy.
Once you have the phone, mind you, they run rings around you with all sorts of odd pricing - I, for example, can call the USA and Australia for the same price as a UK landline. In the evening, this costs me 3 cents, in the daytime, 50. Madness
God damn, I just got a 6210 and I thought it was so cool.
1.) A message that will delete all the ringtones in the phone's memory except for a simple, inoffensive beep tone. The cell phone OS is modified so it will vulgarly insult them whenever they try to get the latest Britney Spears tune to play on their cell phone.
2.) A message that will simply explode all those phones that people use to talk like a bastardized two way radio with the annoying beep every time someone stops talking.
3.) A message that causes the cellphone to emit sterilizing radiation at an especially idiotic user's genital regions. Helping Darwin along...
Number 3 is, sadly, only a dream. Number 1 is almost definitely impossible, especially when you only have about 120 characters in the SMS message. Number 2 might be possible, just target the specific models of phones that support this "feature". Get to work, l33t |-|@xx0rs.
(Although I do own a cellphone, I use it less in a month than half the other cellphone owners use it in a day. The ringtone it is set to is a simple unannoying beep. Usually it is off anyway so that no one can call me.)
Tim
Omnia vestra castrorum habetur nobis.
something like this has to happen. Anyone know if Nokia 8260's are vulnerable, and if it's possible to turn SMS off?
My Nokia 5165 (like many other cell phones) has the ability for you to upload new ring tones and other delightful things to it. First, I was playing around with a few web sites that existed. Then I got ahold of the logic and created my own.
In my case, all I had to do was to send an email to mytelephonenumber@mobile.att.net, and it would be processed by the phone. (Great way to act as a pager, too.)
In my experiment with music ring tones, I found that it was quite easy to accidently craft a message (in my case, a new ring tone) that is malformed. And it actually hung my cell phone up.
I probably should have published this as a cool DOS attack, but then again, I really didn't know WHERE to public cell phone DOS attacks, much less what could be done to counter it, so I kept it to myself.
Play around enough, though, and you'll find your own special email you can send to a cell phone that'll lock it tight.
He he,
OLD article man. You mean you guys didn't notice the nokia 7110?
Shit man, bad draw. My no-keeya 7110 has been a faithful servant for more than a year now, via Orange UK (gt, n.work btw).
Radar gun detector, bug detector, free wap and sms (inc script transfer) (rummages in cupboard) via my paknet radio pad and a little change to the software scanner in my no-keeya 7110.
Wow, this phone is way ahead of its time, fully 'sortable' and operates with my paknet relays. Fuck you BT and Orange.
Thanks to all the cellular networks, that pass there subscribers details via short hop paknet!
Paknets available, my_little_dog_knows@yahoo.com good prices!
what price for paknet rp5, 2 x NTP and stubby indoor mast?
European and Asian countries for years have suffered under government run landline telephone companies. The government is inept at anything it tries to do, so you can imagine how long it took to get a landline installed. Wireless has allowed people to decrease their dependence on their government run and controlled wired
telephone network. The U.S. certainly has a lot of government regulation in regards to the wired telephone network, but no where near as bad as Europe or Asia. The technical quality of our landline network is excellent. Demand for wireless is therefore less.
I suppose it's possible, but not a trivial task since commercial GPRS implementations have them sitting behind a NAT box anyways...
As an incidental point, perhaps one already mentioned, SMS is, after all, serendipity. It was included in the GSM protocol, as I recall, as a way of sending messages to the phone for configuration purposes from the network carrier. It caught the cell phone industries completely by surprise that SMS had uses for the cell phone public. CDMA/TDMA didn't need SMS because, funny enough, they had more sophisticated configuration protocols.
:-)
So it irkes me when people say behind the curve.
As far as targetting a specific phone using IP data its a little tricky because (at least in NZ) theyphones sit behind a masquarading gateway so they all carry the same IP for WAP purposes. If you got them to connect to your webserver you couldn't stream too much data before you hit the phones pitiful storage limit (just a few kb).
The masq thing is annoying for tracking web stats because its much harder to determine the number of unique visits when they all come from a single IP.
No, I did not read the f***ing article!
Virii were programmed in Assembly, and distributed thru real media like 5 1/4 floppies :)
"Wireless : LAN
Yup. And the funny thing is that this thing was created "accidentally" and now it's a big business. People are trying to recreate the success of SMS artificially with various technologies, services and such. I say they are doomed to fail.
If you want a new killer app to your cell phone, let's have a phone with Java or something and an open network API. That way you don't have to implement instant messaging or anything in hardware, just let the user community do it :-)
I must have really hit the sweet spot to have gotten moderated -1 Offtopic on slashdot!
The world ain't fair.
Listen, kiddo. This is _extremely_ old news for anyone who's ever hacked and slashed through Nokia phones.
These vulnerabilities were reported widely, by little me with the others, when the 7110's came out.
It appears that Nokia didn't implement any kinds of sanity checkers om their SIM memory readers. Then again, they are not exactly known for the quality of their software...
:P
Everyone knows what he means.
This is old news. Job showed the very same bug at HAL2001, on his "SMS security" session on friday 10th 2001, 16:00.
;)
Just goes to show that TheRegister apparently missed a great hacker conference
Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue. *grin*
Yeah, and with slower and more expensive internet connections you have less spammers and email viruses.
yeah, most of my calls are a quick 30 second affair ie, 'I'm on my way home now' or 'I'll be a bit late' etc, I reserve the big talking for my free minutes. That's exactly why I love SMS, no need to interrupt someone to get them to the phone, just txt them and they can read it when they like and it doesn't demand an immediate response..
Does not the DMCA make it illegal for this researcher to tell Nokia about the fault in their phone, meaning that this bug cannot legally be fixed?
The state of the cellphone network in NZ is a good example of how silly companies isolated on a tiny couple of islands can fsck up a good thing... Why can't the cellphone companies play nicely with each other like in Europe.
older nokia 5110s (probably all its sisters, 5160 etc too) had a bug that caused them to crash - send them an sms-message with 160 '.'-characters. freezes the phone.
This articleshows how SMS can be useful in emergencies, places with bad coverage,etc.
for great justice
thank you cox ....
What is this nonsense? Sending in a bad header into an SS7 network is not anywhere near simple. We do SS7 programming over here and to send an SMS message, you need to have physical access into the SS7 network.
So yes - assuming you have SS7 hardware, a physical connection to the SS7 network and you know how to form the wire level packets - you can do this. This is _not_ security through obscurity. The SS7 protocol is public domain - you can find it on your computer book shop's shelves. This is a bug - plain and simple on the Nokia phones, but it is exteremely low risk.
Somebody please mod this up so that people aren't acting completely stupid.
There is a simple solution for this: a packet filtering modue at the operator's SMS software. And since Nokia wouldn't like their mobile phones to crash, they will of cource gladly supply such a patch, right :)
Since you can't update every single terminal (ie phone), you would have to filter out the bad messages at the operator. And why not. After all, that's the logical place.
It's just like bad packets get filtered out at the filewall/switch and not at the workstation.