Crashing A Nokia Phone Via SMS
Atryn writes "An article at the Register reports that a recent Black Hat conference presenter demonstrated how to crash Nokia cell phones using malformed headers in SMS messaging protocols. Though the SIM card can be recovered by moving to a new phone, this is perhaps an interesting preview of security issues as data goes wireless." Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue. *grin*
No. This is a new exploit, which I believe does more damage. The old one just required a hard reboot (remove battery). The Register article says that the phone cannot be turned back on until the message is removed from the SIM card.
-These aren't my pants.
You are very unlikely to see much CDPD deployed on NA soil (I demo'd CDPD 5 years ago at a conference in Vancouver .. if I'm wrong, someone let me know :). It's a technology which is perfect for the purposes you mention (telemetry, remote monitoring), but its cost and the fact that it's most suited for geography that is both remote and difficult to access make it somewhat difficult to justify why anyone would use it here (never mind the limited bandwidth). Throw in that it'll likely never be a consumer level technology, and it seems that it is a technology which likely won't have a critical mass of deployment and visibility to make hacking a concern. Now that's not to say that it /couldn't/ be done .. :)
"Old man yells at systemd"
Population densities are very low in the US; to this day there are many miles where there is no coverage on any system. (Unless there is a satellite system now)
Australia uses multiple systems, but now supports mainly CDMA and GSM. Which is more popular? CDMA is better for covering distance - and please (unless you are posting from Antarctica) don't underestimate the issues faced in Australia. We have a land mass 2/3 the size of the US, but with a population of 18 million.
GSM is locked in by design to a 35 km radius around the base station. Not an issue in say, NY, London or Europe for that matter. A big issue in Oz where your neighbour might be further away than that. Telstra (the major telco in Australia) have modified GSM transmitters to provide a second 35-70 km ring of coverage from a base station. In outback Australia, you can easily get 70 km line of sight to a tower.
Despite all these limitations, GSM still wins hands down. The biggest reason? Competition I think. Being able to change service provider with a change of SIM card, rather than handset.
Plus the provision of enough features above and beyond phone - SMS messaging. Although primitive, it was flexible enough to make your phone a pager and message service in one.
In hindsight, the bandwidth limitations (9600 baud) and absence of packet radio (always on rather than dial in) features weren't enough of a liability to hold back its initial rollout.
You might call it the Microsoft or VHS solution - near enough, good enough without actually being the best.
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
And don't say it's to get lower calling rates, because most cellular rates here in Australia at least would make your jaw drop with their (low) cost.
Open Source. Closed Minds. We are Slashdot.
GPRS initially allows only 'mobile originate', i.e. the phone initiates a GPRS session to a remote network (e.g. a walled-garden WAP service) and that network sends packets back. Unsolicited packets are dropped, so as long as nobody hacks into the WAP service this is fairly unlikely. The 'mobile terminate' feature, which would allow unsolicited packets to be sent to the phone, is not yet implemented, I believe.
This is going to become an interesting issue as GPRS networks connect to the Internet (many are WAP only on a private IP network) - perhaps the only mitigating factor is that GPRS connections to the Internet will probably go via a NAT, making it harder for unsolicited packets to get in (they'd have to spoof an active server and guess the port number on the NAT device, as well as hoping that a UDP session was in use since spoofing TCP sequence numbers is pretty hard).
Send it to bugtraq. No one ever said that bugtraq was only for PC type software.
I've had enough abrasive sigs. Kittens are cute and fuzzy.