Crashing A Nokia Phone Via SMS
Atryn writes "An article at the Register reports that a recent Black Hat conference presenter demonstrated how to crash Nokia cell phones using malformed headers in SMS messaging protocols. Though the SIM card can be recovered by moving to a new phone, this is perhaps an interesting preview of security issues as data goes wireless." Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue. *grin*
No. This is a new exploit, which I believe does more damage. The old one just required a hard reboot (remove battery). The Register article says that the phone cannot be turned back on until the message is removed from the SIM card.
-These aren't my pants.
You are very unlikely to see much CDPD deployed on NA soil (I demo'd CDPD 5 years ago at a conference in Vancouver .. if I'm wrong, someone let me know :). It's a technology which is perfect for the purposes you mention (telemetry, remote monitoring), but its cost and the fact that it's most suited for geography that is both remote and difficult to access makes it somewhat difficult to justify why anyone would use it here (never mind the limited bandwidth). Throw in that it'll likely never be a consumer level technology, and it seems that it is a technology which likely won't have a critical mass of deployment and visibility to make hacking a concern. Now that's not to say that it /couldn't/ be done .. :)
"Old man yells at systemd"
-- http://www.swcp.com/~hudson/
If everyone was GSM like Europe is, then generation 3 would not be as good as it is
This is good for Europe...
Remember standardise early, but not too early
CDMA is not 3G anyway. We all have to upgrade.
but in real life most of the US has just as good of coverage as Europe.
GSM works on the top of Kilimanjaro.
Sure there is only one provider, but who cares if the phone works?
I would care about paying even more than here in Europe.
Get out from the major cities and there is no service, but a single GSM standard wouldn't help much. Population densities are very low in the US; to this day there are many miles where there is no coverage on any system. (Unless there is a satellite system now)
In Europe the operators have to provide near complete coverage, but this only makes any kind of economic sense if the market is not fragmented between different standards. Population density is very low in northern Sweden, but look at this map of Telia's coverage:
http://www.gsmworld.com/gsminfo/cov_sete.htm
Last time I checked the UK is in Europe, and I know of no network in the UK where you pay per call. When roaming in France, Spain, Portugal and Greece I have also always paid per minute. Where did this idea we pay per call come from?
Population densities are very low in the US; to this day there are many miles where there is no coverage on any system. (Unless there is a satellite system now)
Australia uses multiple systems, but now supports mainly CDMA and GSM. Which is more popular? CDMA is better for covering distance - and please (unless you are posting from Antarctica) don't underestimate the issues faced in Australia. We have a land mass 2/3 the size of the US, but with a population of 18 million.
GSM is locked in by design to a 35 km radius around the base station. Not an issue in say, NY, London or Europe for that matter. A big issue in Oz where your neighbour might be further away than that. Telstra (the major telco in Australia) have modified GSM transmitters to provide a second 35-70 km ring of coverage from a base station. In outback Australia, you can easily get 70 km line of sight to a tower.
Despite all these limitations, GSM still wins hands down. The biggest reason? Competition I think. Being able to change service provider with a change of SIM card, rather than handset.
Plus the provision of enough features above and beyond phone - SMS messaging. Although primitive, it was flexible enough to make your phone a pager and message service in one.
In hindsight, the bandwidth limitations (9600 baud) and absence of packet radio (always on rather than dial in) features weren't enough of a liability to hold back its initial rollout.
You might call it the Microsoft or VHS solution - near enough, good enough without actually being the best.
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
I'd say having a standardised system helped in many ways. We got down the prices of handsets very quickly. We had instant competition. And people could switch from one operator to another just by switching SIM card. They needn't throw away the whole phone, and change to another system.
Having a standardised system across the patchwork of countries which Europe is is also beneficial. Roaming across the continent worked out of the box. If every country had gone for their own system, that wouldn't have happened.
Europe chose to select the mobile standard proposal out of technical merit, rather than political or national reasons. Which is a triumph for techies over politicians, I guess.
In the Nordic countries, stock broker fashions had very little to do with the very high mobile penetration we have here. Rather, ordinary people saw that the stuff worked, that coverage was good, it was easy to use, not that expensive, and it was easy to figure out what your calls would cost. You can get nearly 100% of the population to want a mobile phone if you only sell it as a yuppie (or drug dealer) toy.
And don't say it's to get lower calling rates, because most cellular rates here in Australia at least would make your jaw drop with their (low) cost.
Open Source. Closed Minds. We are Slashdot.
GSM is a technical solution to the problem of how do you keep the service inside your country's borders. This political requirement makes for a very bad choice in places where you need huge coverage and have no problem of cross border calls. GSM is also only cost effective if you have a high density of people. The small cell sizes of GSM make it impossible to cover large rural areas effectively.
GPRS initially allows only 'mobile originate', i.e. the phone initiates a GPRS session to a remote network (e.g. a walled-garden WAP service) and that network sends packets back. Unsolicited packets are dropped, so as long as nobody hacks into the WAP service this is fairly unlikely. The 'mobile terminate' feature, which would allow unsolicited packets to be sent to the phone, is not yet implemented, I believe.
This is going to become an interesting issue as GPRS networks connect to the Internet (many are WAP only on a private IP network) - perhaps the only mitigating factor is that GPRS connections to the Internet will probably go via a NAT, making it harder for unsolicited packets to get in (they'd have to spoof an active server and guess the port number on the NAT device, as well as hoping that a UDP session was in use since spoofing TCP sequence numbers is pretty hard).
Send it to bugtraq. No one ever said that bugtraq was only for PC type software.
I've had enough abrasive sigs. Kittens are cute and fuzzy.