Slashdot Mirror
Crashing A Nokia Phone Via SMS
Atryn writes "An article at the Register reports that a recent Black Hat conference presenter demonstrated how to crash Nokia cell phones using malformed headers in SMS messaging protocols. Though the SIM card can be recovered by moving to a new phone, this is perhaps an interesting preview of security issues as data goes wireless." Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue. *grin*
I remeber the days when a phone was actually used to call with, damn i feel old now...
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
Isn't this extremely old news?
-- If no truths are spoken then no lies can hide --
Now the *truly* malicious can set out to infect 911 with a virus that attacks the phone of callers . . .
hawk, who now sees that touch-tone was a slippery slope and should have been stopped
once the nokia Netbsd port is done, we'll be able to protect our phones using ipf (or maybe even a pf port, if the ipf license still isn't to your liking) and should be fine.
-f
www.blackant.net
I just got back from India and Europe and am thoroughly embarrassed by our government's and wireless carriers' inability to play ball with the rest of the world. At least AT&T finally got the clue, I hope.
This talks about crashing a phone via SMS, but what about devices on CDPD or GPRS like those road signs or weather telemetry, or even electric meters in some locales. That's not only on the wireless network but on the IP network. Has anyone tried to muck with those devices yet? On most CDPD and GPRS plans the customer pays for each byte transmitted, what if someone just streams data towards a customer to run up their bill?
It's time to code firewalls and applicative filtering proxies for mobile phones...
{{.sig}}
So I guess the HandSpring Visor GSM phone I have with GSM service via Voicestream dosen't exist???
I thought nokia phones already shipped worms out-of-the-box.
For the first time, hackers can kill. Considering the number of people who use their cell phones while driving, a random "crash" (what a terrible pun) while trying to send email or view stock quotes while driving should be enough to push a few drivers "over the edge".
The good news is that if terrorists intend to use such "crash" attempts to crash cars or other vehicles, we at least have new legislation to stop them.
If guns kill people, then CmdrTaco's keyboard misspells words.
Nope, see also: Aircraft, Pharmaceuticals, Firearms, and Indoor Plumbing.
If it ain't a Model M, it's a piece of crap.
[US] wireless services are about eight years behind the curve
Those who implement later can implement newer standards w/out obsoleting(and thus pissing off) all the existing users of the cellphone network.
when all you need to do is throw the phone to the pavment?
I am the Alpha and the Omega-3
Just like any technology, it can be used and abused. If I were the type who didn't like the word asshole, I might be justified in lamenting:
.. would you prefer to crack down on these people, and drive their activities into the underground where you are upable to keep an eye on them?
Is it at all possible to have any sort of message board without people coming along and using the word asshole?
Any other way, and you wouldn't be on planet earth, bub. Stop whining about it, and start questionting which you value more: crashable cell phones, or no cell phones?
Society must accept the inevitability of technology as an unbiased tool. Technology CANNOT be created for good. Like it or not, as a society, we must accept that when we adopted cell phones, we accepted the possibility that they may not always work, in the same way that as a society we value the use of cars more so than the lives of the thousands upon thousands of people who die as a result of them every year.
Anyone who thinks technology puts powers only in the hands of the righteous (whatever the hell that is) is a fool. In the case of Black Hats, I'd rather the concaine junkies in my neighbourhood congregate and do their thing in the middle of daylight in the park rather than at night, in allys, if you catch my drift. The fact that this was demonstrated at a conference is a good thing
"Old man yells at systemd"
But the alternative (in the US) is f*cking advertisers sending phones messages when they're in the vicinity of certian stores.
Anyone remember reading about the test of this little "technology" in Boulder CO (of all places)? The advertiser was "very pleased" with the number of people who READ the ad.
Great, so they can trace who read the &^$%*& things as well. I think my Sprint phone gets 100 free text messages before I have to start _paying_. Which is great - the recipient gets to pay to be spammed...
Computer Science is Applied Philosophy
Of course, when you live in the US, where your wireless services are about eight years behind the curve, this is less of an issue.
Security through Inertia. Hmm...
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I mean, look at this logo on a nokia phone. As soon as you see this logo on a phone, you know trouble is coming. I think it is some sort of curse :)
Btw, if you actually want this logo, go here.
XML is like violence. If it doesn't solve the problem, use more.
Oh, you mean some sort of simple technology, like a stick, or, say, maybe a rock or maybe just dirt? It's the technology's fault that it gets corrupted.
HIV Crosses Species Barrier... into Muppets
If I could get one of those big old 80s-early 90s cell phones (like the one that kid had in saved by the bell), I would use it. I don't need no stinkin' text-messaging WAP shit on my phone.
but in real life most of the US has just as good of coverage as Europe.
You obviously haven't tried using the same phone in both the U.S. and Europe. Get a tri-band GSM phone, take it to any large city in Europe, and you'll see you get much better coverage than in NYC/someother U.S. city.
Hi Slashdotters,
We here at Slashdot would like to advise you to use the following format when submitting bug-related stories.
"Crashing a [product] with [method used to crash it]"
"An article at [source] reports that [security expert] demonstrated how to crash [product] using [Pick one: buffer overflow; malformed headers; Javascript]." [insert wizened statement about how this will affect future direction of products in this category] [attach silly remarks by Slashdot writer like "Well, that's why I use [competing product]!"]
Also, please use the following template when replying:
"Those @(#&@! bastards! Who do they think they are, making [product] so buggy! Why do they have to include [useless feature that no one wants/uses anyway]?? I'll never use a [company] [product] again! Please, fellow Slashdotters, I urge you to boycott [company]!"
This will save us a lot of time and moderation points.
Thank you,
The Slashdot Team
This is exactly why these new phone PDAs worry me. You've only got to have a copy of Outlook Express running and your phone will call everyone in your Address Book or send them frisky messages.
Though my grandma might like to receive 'How are you sexy legs?', I'm not sure my boss would be quite as accepting.. (and if he is, I should quit)
mogorific carpentry experiments
... i could find some code to test this out?
behind the cell-curve curve I live in Norway(5 mill +large country) and we have GSM coverage virtualy on every mountain and wally(real walleys not like those puny US ones, and the UMTS network are about to, or has been opened Kaptein N
As far as I'm concerned this shouldn't even be an issue with Cell phones. I think that phones should be kept phones. If someone is really that interested in portable web. Then use a PDA.
Yes, I'll be one of the first to admit that cell phones are wonderfull. But I use mine as a phone. Not a game consol, not as a web browser, or day planner... And yes, I think PDA's are good for a day planner, and even limited web browsing and gaming. But really, do we need to be playing Doom, or the latest, greatest, Quake game on our cell phones? Do you really need to use Yahoo! after getting talking with your mother from the bus?
For me, there is such a thing as too many features. Web browsers on cell phones is one such case.
-- Never monkey with another Monkey's monkey
"This phone has performed an illegal operation and will be shut down...if the problem persists, please call the vendor"....
Hahahahahaha...{sniff}....hehehe.
What is with the Grey screen of death comment being modded as overrated?
Geez, you'd think you would have to be rated first.
Maybe that should be submitted as a bug?
You can't fix the moderators who do that kind of stuff (maybe spayed or neutered) but can you fix the system?
Oh, well, don't worry, be happy..la la laaa
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Remember standardise early, but not too early.
;)
An American friend one pointed out to me that the USA has the benefit of inventing many new technologies, and being the first to implement a massive number of them...
...This of course means that the USA tends to implement version 1.0 all across the country, and when you've covered an area that big with version 1.0, version 2.0 is gonna be a long time coming
Steve
Enjoy Y2K? Roll-on Year 2037!
I have already discovered a bug in the old and rather basic nokia 3210 [see below]. I can't imagine how many of these there will be in a more complex phone like the nokia 7650. A sms worm anyone ?
I think some bugs are inevitable but I hope the developers will pay more attention to the the sofware they design than Bill Gates did in the early PC years - and even in the not early years ! And those new combined phone/pockeptPC will be fun to hack I bet.
But I don't think the users are ready to accept too many bugs in a mobile phone/pda like they did with the windows OS.
Responsability is not only on the shoulders of developers. A friend of mine crashed his visor and lost all the data he had difficultly typed in. He had no backup ! So there will be a lot of work to make the users more aware of security concerns about the digital tools.
I hope the laws will also be appropriate to this new digital era. No way am I gonna tolerate sms spam !
The nokia 3210 bug :
When you type a message, then want to send it but go back to the typing screen before entering the phone number of the recipient, the T9 completion system is messed up : if you want to change a word, it doesn't use the one you have selected.
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
Hmm, my current cell phone is in fact GSM, and every US city I've been to has had good coverage. Oh I agree that GSM doen'st have the best coverage, but it is there. GSM is not very common in the US, and there is still a lot of coverage.
And remember to differenciate between coverage in sparesly populated areas with densely populated areas. (NYC I know is dense, but I wouldn't want to visit there so you point is lost to me...)
It's probably not true that Europe is ahead because they have a standard system; as far as I can tell, they are ahead because it became fashionable in the boom of the late 80's in London particularly to have a cell phone; partly because it was a way of doing more business for the brokers- it quickly became a status symbol. A fairly affordable it became too as it grew rapidly among the city and top businessmen and filtered its way down to basically everyone.
The fashion made the economics look better, and that in turn drove more manufacturers to enter the market and compete, driving the price down further.
The other feature that killed off the other mostly non-digital systems was security. After the 'squidgy' tape loads of people would only get digital, particularly Prince Charles- and the GSM phones were a convenient digital standard to go for at that time.
Britain is an ideal place for cell phones- the population density is pretty high, so less cells are required; most people I know have a cell phone in britain. Many of them don't have a fixed line at all anymore.
Incidentally, there IS a satellite phone system- Iridium, last time I checked it was very expensive, didn't work indoors or in cities, had low quality; and the handsets are really heavy.
The military loves them.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"how lame is this:
Once the message is received it is impossible to turn on an infected phone again.
what kind of design went into this product? is there no way to force a hard-reboot of the phone or something similar, to reset it? what about detaching the battery briefly, etc??
it would really suck to have this happen while on a business trip or something and have to run by the nearest Nokia store to exchange your phone for another, or have it unfrozen or whatnot. and i'm sure Nokia would just exchange/fix the phone for free (not)... they'd probably require that you mail it in to them and wait 4-6 weeks to get it back, finally fixed.
--w
E V E R Y T H I N G I W R I T E I S F A L S E
- Is it at all possible to have any sort of technology without assholes coming along and ruining it for everyone
Who's the bigger asshole? The one who exploits flaws in products or the one that releases products without checking for flaws that could be exploited?One could say that the "black hats" are really "white hats" in demonstrating flaws so that they do get fixed (in reality there are shades of gray in between, depending on what the discoverer does with that information).
Of course, if Microsoft had their way, we wouldn't even know about flaws such as this and have to put our faith in the vendors fixing these "secret" flaws (read: Ralph Nadar's Unsafe at any Speed). Of course, where's the motivation to fix flaws that the public doesn't know about?
If everyone was GSM like Europe is, then generation 3 would not be as good as it is
This is good for Europe...
Remember standardise early, but not too early
CDMA is not 3G anyway. We all has to upgrade.
but in real life most of the US has just as good of coverage as Europe.
GSM works on the top of Kilimanjaro.
Sure there is only one provider, but who cares if the phone works?
I would care about paying even more than here in Europe.
Get out from the major cities and there is no service, but a single GSM standard would't help much. Population densities are very low in the US, to there day there are many miles where there is no coverage on any system. (Unless there is a satalite system now)
In Europe the operators have to provide near complete coverage, but this only makes any kind of economic sense if the market is not fragmented between different standards. Population density is very low in northern Sweden, but look at this map of Telia's coverage:
http://www.gsmworld.com/gsminfo/cov_sete.htm
I live in Minnesota, about 3.5 million people, and about twice as much land as Norway. And MN is fairly heavily populated compared to many nearby states. (which also happen to be larger) covering a valley isn't that difficult from an engeering standpoint, just put a tower there. Covering a flat field of 100 miles profitably is extreamly diffiult if the entire population of the field is less then 75. I happen to know someone who lives in that exact situation.
... that makes me happy I don't own one of those fancy new cellular phones.
Look a monkey!
CDMA is a better standard than GMS overall
What I find funny about this statement is that these two are not necessarily comparable. CDMA is a radio protocol, used by both Sprint PCS and Verizon here in the USA. GSM, on the other hand, fully describes a wireless network, from the radio protocol (TDMA), to the included services (voice, 9600bps data, SMS), all the way to the SIM chip.
While CDMA may be a better radio protocol than TDMA, it is definitely not a wireless network. You can't use a Sprint phone on the Verizon network can you? As far as I know, these are separate networks with their own definitions. They just happen to share a common radio protocol.
So when someone brings up the ancient war: CDMA vs TDMA vs GSM, be sure to reorganize this into: Sprint vs Verizon vs AT&T vs GSM. This is a much more sensible comparison. Anyhow, perhaps in the future GSM's radio protocol can be replaced with a CDMA incarnation.
I wonder why it is so expensive. I have an SMS phone with VoiceStream. I get 500 messages for $5 a month (a penny a message for the math impaired), and no daily limit. I receive weather report and news headlines every day (6 messages daily), and use the AIM-to-SMS gateway all the time. 3 a day would suck.
Those farking bastards! Who do they think they are, making Nokia phones so buggy! Why do they have to include Web access that no one wants/uses anyway?? I'll never use a Nokia phone again! Please, fellow Slashdotters, I urge you to boycott Nokia!
This one just needs a standard phone, but it's even easier to find DoS attacks against WAP phones.
Interestingly enough I have found the Microsoft browser to be less prone to crash than all the others I've tried. (But no, I still don't know why anyone would want a web browser on a (2G) cellphone.)
Yep, my phone came free with my service. Didn't pay a dime. No, it doesn't play Fur Elise or the William Tell Overature, no it doesn't have calendering, no it doesn't have games, no it isn't internet ready, no doesn't do text messaging, and no, it doesn't crash.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
Bring back the old tin cans connected by string I say...
I once crashed my friend's Alcatel One Touch Easy by flooding his phone from mtnsms.com...
Nevrar
You do not seem to realize the success that sms has in Europe. If we follow you, why send an email when you can call the person on a phone ? Ridiculous. I am not an avid sms user but I see it can be useful in many situations :
- If you cannot talk or do not want to talk, in a lecture for example, you can still type.
- If you want to send a phone number or a complex address, it is easier for the receiver to read it than to have to write it when you talk.
- You can reuse the same message as many times as you want.
- You can type a message and send it later.
- If the network is poor and audio not working, sms still works. (I only use sms with why brother, the antenna of his phone is broken). It even saved a man's life in England.
- With sms, you can see the number of the sender and ignore it.
- you can receive personal news and services that way.
- you can have your email forwarded etc.
- etc.
Finally if you find a place where 802.11b works everywhere with phones as cheap as current ones, I will go live there !
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
how is this a troll? please, if you can't mod well, then just mod up...
A: None. The Universe spins the bulb, and the Zen master merely stays out of the way.
I work for at a dealer for a national cell carrier here in Canada (Telus). We use CDMA. All of our digital phones have had the capacity for two way text messages for well over a year. The network just hasnt implemented it. One way (PC to Phone) SMS has worked fine for almost two years.
I pay 15 dollars per month for web access, but it is UNLIMITED usage and I can use AIM for chatting to all my friends that I con into installing AIM so I am not so bored on the transit ride home. It's great. I just wish Nokia had a plug in keyboard for my 6185.
Bell Canada, Telus, and Rogers-AT&T have actually recently made an agreement to allow full two way text messaging across their networks. So..Canada at least isnt 8 years behind.
Last time I checked the UK is in Europe, and I know of no network in the UK where you pay per call, when roaming in France, Spain, Portugal and Greece I have also always payed per minute. Where did this idea we pay per call come from?
Is this new? I have seen this happen a lot, and not just with nokia. The special characters from phillip's phones can crash quite a few phones. Alcatel seem to be one of the worst for crashing. Some phones seem to be fine, but an't delete the message from the sms through to the phone not working till the message is deleted from the sms on another phone.
My 7110 is easy to lock up. I got it just after it was released so maybe is should get a software update for it..
1) Connecting to any wap service.
Same bug always, requires removal of the battery. After that it works fine. It always happens the first time I try to connect it when I haven't used it in a while(only uses it to show to people why it suck)
2) Using the IR connector, requires reboot to make it work again.
Using the phone to dial up to the company ppp pool. It drops the connection after 5 minutes. Yes, I know it is slow but when staying in a boring hotel room in a boring city, slashdot at 9600 baud(i'd say it performs like 2300) ain't that bad.
Also trying to sync my palm using the IR requires a reboot the next time I want to use it.
3) Impossible to talk for a long time while driving, even using the handsfree kit with external antenna. When it have to switch bands while talking, always drops the connection. But I guess that is the phonecompany's fault.
It is fairly widely available in urban areas.
Interface-wise most CDPD adapters seem to act as network cards; IBM at least also made a CDPD modem that actually had a modem interface, but it was fairly large.
fencepost
just a little off
You can't use a Sprint phone on the Verizon network can you?
Yes, if I'm willing to pay the ridiculous roaming fees. And don't even get me started on the "additional minutes" fees.
My Sprint plan costs $40 for the first 2500 minutes, and $1000 for the next 2500. No, that third 0 is not a typo.
Oh, and did I mention that when you check how many minutes you've used, everything except your final bill is just an "estimate", and probably an underestimate designed to lure you into a $6, 15 minute phone call when you don't realize you've gone over? Bastards.
Okay, I'm done ranting now.
Yes, you *can* use a Sprint phone on the VZW network (sort of). The difference is this:
CDMA (as Bell Atlantic Mobile implemented it) runs on 800mhz.
PCS (As Sprint & other parts of the now-VZW implemented it) runs on 1900mhz.
The new VZW phones that are "Tri-Mode" run on Analog, CDMA/800 and CDMA/1900. It's the same stuff, just a different frequency.
So yes, they're interoperable (sort of!) If there's no PCS service in your area, you're screwed trying to use a Sprint phone in a VZW area. A VZW area in a non-PCS area, however, tries CDMA/800. If that doesn't work, then it drops down to analog. There's almost _always_ analog service (in fact, I've never been completely without service anywhere in the US!)
--NBVB
Paying per call would actually be pretty cool, as you wouldn't have to care about how long you talk.. Actually, in Germany (and most other European countries) you pay per minute or per second. Average charge per minute is between US cent 10 and 90 depending on your plan. Charging per second can actually be much cheaper if you don't talk to long (naturally)
2001-11-29 15:40:51 simple SMS kills cell phones (articles,security) (rejected)
sorry, I know that someone is going to mod me down for this... BUT THAT IS NOT FAIR!!!
If someone with the same expierence reads this please reply or tell me about your unfair rejection by email me(at)sluggie.org.
Thanks!
sluggie out.
That guy has disclosed a circunvention device to break one of our "top secret" products. Let's create a RIAA (based on phone companies) and bring the guy to court!
... WE GOT YOU!
Maybe he will face up to 25 years!
But, hey! wait...
Soon all the devices will have the enforced SSSCA so no need for that. The big companies will control every single piece of hardware and using the DMCA it will be ilegal to try to hack it... so
Start praying.
NokiaMan
GSM's encryption is crackable real-time using COTS
/. keeps posting about and you drool all over ;-). And I don't have to notify my provider that I got a new phone and need to have my number transfered to the new one.
c) A mobile system I can use all over the world (US excluded) with the same ease I enjoy at home without any modifications to my phone or SIM card.
Everything is COTS if you have enough money, just under 10thousand still is quite a bit of money to spend on a single scanning device (for an individual that is). And then you have to crack the message itself which requires you to pick up a distinct call.
Billing per-minute still sucks, but sucks much less than per CALL
Paying per call is a term I'm not familiar with, we mostly pay per minute here in Europe (per second in my country actually, after the first 10 seconds).
Coverage is good.
My coverage is excellent here too. If there is a paved road in my country, I can use my GSM there, and some gravel roads as well. Did I mention I can take a trip around my country and still have coverage? No, I don't live in Holland or Denmark, I live in Iceland which is not quite known for its population density. And in case you're even dreaming about coming up with the argument "you're so few, you don't need to cover as many people as we do" I surely needn't remind you that transmitters and relays for GSM may be cheap but not THAT cheap (there are only 280 thousand of us you know). Plus I can take my phone to almost every country in the world (the US not included) and make calls and receive them just as I do back home. Plus I usually get to choose between different providers.
KISS. Keep It Simple, Stupid. I don't want SMS on my phone
SMS is Simple Stupid! And if you don't want sms on your phone don't open them! Don't want to send an SMS, don't send it then! Feel bothered by the phone ringing (which I hear you pay for, that's stupid, paying for incoming calls that is), don't answer it, or better yet, turn the bell off, or turn the phone off! Nobody's forcing you to use the phone. As for building 802.11b everywhere, that's
a) a whole lot more expensive
b) even more pointless, I don't feel like lugging my ThinkPad all over the place.
c) Prone to hacking too you know!!! (thus nulling your argument that GSM is fundamentally broken).
As for SMS, it really is a nice communications medium if you just want to send a quick message without going through the usual formalities. Instead of
"Hi, how are you doing, fine me too, listen I'm going to be a bit late for that meeting so blablabla"
You can send a quick SMS with the message
"Hi, sorry, I'm going to be a bit late for the meeting".
Now, with GSM I also get the following benefits: a) A choice between many providers b) A choice between a wide range of phones, the ones that
Now, your point FOR CDMA was again?
Actually, it seems that the situation is reversed in this case. GSM uses a less-advanced technology (TDMA) than many US networks (CDMA). Europe/Asia/Africa have opted to standardize this older system, while some US carriers have gone ahead and adopted more advanced but incompatible systems. As we've got no expectations of compatibility (even when switching from one company to another), it's easier to skip to newer tech.
I don't entirely agree with the US companies' decision here, but I do think it may have some unexpected benefits. For one, we may be able to move in with a much more advanced 3G without being tied down by a whole lot of backwards-compatibility concerns. For another, it may turn out that the focus on standardized networks becomes less and less important as technology becomes more adaptable. The price and flexibility of wireless tech have been plunging and exploding, respectively. It may turn out that compatibility is more effectively acheived by cheap Taiwanese chipsets than by standardized networks.
Personally, having caught a glimpse of the projected cost of 3G (for not-terribly impressive data rates, and only in the cities), I'm skeptical of the whole project. I think the next generation of data/phone tech will take its cues from 802.11 tech, and GSM will become a relic. This is obviously a few years off, though. In the mean time, we Americans just have to rent phones when we get off the plane (not a terrible deal when you consider international roaming charges, I'm told.)
As to "America gets stuck on 1.0", there's plenty of precedent for the opposite; the Minitel in France (outmoded by the web) and analog HDTV in Japan. Sometimes our stubborness is actually an asset.
That's why you don't use email, and just call people, right? And all these instant messaging (ICQ, AIM, etc.)... Who needs that, if you can just call all the people? Man, why didn't you tell us before? We would have never used this stupid SMS-stuff, if we just had known...
Oh wait, the reason European users won't do that is because they pay PER CALL.
??? Ever been to europe? Every provider I know of, charges per minute. Actually it's often cheaper to speak for 1-2 minutes than to send an SMS (which is somehow ridiculous...).
SMS is surely not the most efficient form of communication, but often it's really convenient. It's pretty much as useful as all the instant-messaging services which are so popular right now, only that you can use it whereever you are...
1) CDMA works. TDMA and GSM are fundamentally broken. GSM's encryption is crackable real-time using COTS hardware. CDMA's isn't (yet).
That's why AT&T and co. would never switch to GSM, right? CDMA may be the more sophisticated technology but GSM just works. Everywhere...
2) Billing per-minute still sucks, but sucks much less than per CALL. Most calls are less than 2 minutes, so you don't get raided too bad in the US. And besides, roaming charges are quickly becoming a thing of the past, and now most providers are including bucketfuls of minutes, even in their cheap plans...
See above. What about paying for incoming calls/messages? Another thing often forgotten in price-comparisions US-Europe, is the base fee, charged every month. It's usually much higher in the US.
3) Coverage is good. I have no problem making a call no matter where I go (my provider is VZW).
I had a very different experience in the US. And judging from the other comments I'm not the only one...
4) KISS. Keep It Simple, Stupid. I don't want SMS on my phone. Don't want spinning 3-d wingdings. Don't want to read my email from the phone.
So, what? I want all that stuff. I use SMS, I get my email to the phone and I actually use WAP (over GPRS). And most of the people I know do so, too. And now?
If I want to read my email wirelessly, then build me an 802.11b network everywhere. Don't make me do it from a phone!!
Yes, I'm dreaming of stuffing my laptop in my pockets, too... Show me the technology, that puts 802.11b-receivers in cell phones without running out of battery too fast. Then show me how to deploy it for nationwide coverage. And finally show me how to make it scale to the user numbers of cell-phone systems.
Summary: Just because you think phone-messaging is stupid doesn't mean, everybody feels that way. And judging from the user numbers in europe and especially asia, a lot of people do seem to like SMS...
Population densities are very low in the US, to there day there are many miles where there is no coverage on any system. (Unless there is a satalite system now)
Australia uses multiple systems, but now supports mainly CDMA and GSM. Which is more popular? CDMA is better for covering distance - and please (unless you are posting from antartica) don't underestimate the issues faced in Australia. We have a land mass 2/3 the size of the US, but with a population of 18 million.
GSM is locked in by design to a 35 Km radius around the base station. Not an issue in say, NY, London or Europe for that matter. A big issue in Oz where your neighbour might be further away than that. Telstra (the major teleco in Australia) have modified GSM transmitters to provide a second 35-70 Km ring of coveravge from a base station. In outback Australia, you can easily get 70 km line of sight to a tower.
Despite all these limitations, GSM still wins hands down. The biggest reason? Competition I think. Being able to change service provider with a change of SIM card, rather than handset.
Plus the provision of enough features above and beyond phone - SMS messaging. Although primitive, it was flexible enough to make your phone a pager and message service in one.
In hindsight, the bandwidth limitations (9600 baud) and absence of packet radio (always on rather than dial in) features weren't enough of a liability to hold back its initial rollout.
You might call it the microsoft or VHS solution - near enough, good enough without actually being the best.
MIchael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
I'd say having a standardised system helped in many ways. We got down the prices of handsets very quickly. We had instant competition. And people could switch from one operator to another just by switching SIM-card. They nedn't throw away the whole phone, and change to another system.
Having a standardised system across the patchwork of countries which Europe is is also beneficial. Roaming works across the continent worked out of the box. If every country had gone for their own system, that wouldn't have happened.
Europe chose to select the mobile standard proposal out of technical merit, rather than political or national reasons. Which is a triumph for techies over politicians, I guess.
In the Nordic countries, stock broker fashions had very little to do with the very high mobile penetration we have here. Rather, ordinary people saw that the stuff worked, that coverage was good, it was easy to use, not that expensive, and it was easy to figure out what your calls would cost. You can get nearly 100% of the population to want a mobile phone if you only sell it as a yuppie (or drug dealer) toy.
hmm im pretty sure thats what the local 911 service uses to connect all police and emergency vehicles to their whole network..
London status symbols undoubtably contributed to the popularity of mobile phones (that's what we call 'em ;-) but far more important is the pricing model used in the UK (and throughout most of Europe, I imagine).
:-)
We use "callING party pays", and the US uses "callED party pays".
So we don't ever pay for incoming calls (unless we go to another country) because the person calling you takes the cost hit (we have different number ranges to distinguish landlines from mobiles from porn from freephone, etc).
This encourages uptake because for the user, the initial cost to run is very little - that's the incentive to buy.
Once you have the phone, mind you, they run rings around you with all sorts of odd pricing - I, for example, can call the USA and Australia for the same price as a UK landline. In the evening, this costs me 3 cents, in the daytime, 50. Madness
Another reason for mobile phones being further ahead in Europe is that the major innovators in the industry are European. Nokia, Ericsson, Siemens to name a few of the bigger manufacturers. There are others, such as Sony and Panasonic, but they're not often on anyones 'Favourite Phone' list.
Just give me a Nokia 7650 and I'll be happy.
http://twitter.com/onion2k
Yep, and main reason is the opening of telecommunications sector in those countries to competition which coincided with ability to do cellular
phones - and ability agree on technical standards that
helped to forms standards which were technically
sound. GSM was reliable from day one I started
to use in here Finland.
Much more reliable than internet connections I've
used much longer btw.....
Nobody knows the trouble I've seen, nobody knows has the trouble seen me, even I sometimes wonder why I write these line
1.) A message that will delete all the ringtones in the phone's memory except for a simple, inoffensive beep tone. The cell phone OS is modified so it will vulgarly insult them whenever they try to get the latest Britney Spears tune to play on their cell phone.
2.) A message that will simply explode all those phones that people use to talk like a bastardized two way radio with the annoying beep every time someone stops talking.
3.) A message that causes the cellphone to emit sterilizing radiation at an especially idiotic user's genital regions. Helping Darwin along...
Number 3 is, sadly, only a dream. Number 1 is almost definitely impossible, especially when you only have about 120 characters in the SMS message. Number 2 might be possible, just target the specific models of phones that support this "feature". Get to work, l33t |-|@xx0rs.
(Although I do own a cellphone, I use it less in a month than half the other cellphone owners use it in a day. The ringtone it is set to is a simple unannoying beep. Usually it is off anyway so that no one can call me.)
Tim
Omnia vestra castrorum habetur nobis.
something like this has to happen. Anyone know if Nokia 8260's are vulnerable, and if it's possible to turn SMS off?
I Agree.
In Australia we have one of the lowest population densities in the world - only 19 million people across an area slightly smaller than the US, yet we have some of the best GSM coverage in the world, with some of the best GSM networks.
Take a look at the coverage on Australia's second largest network Optus.
We also have CDMA - but that sucks in buildings.
That throws the whole population-density argument out the window.
My Nokia 5165 (like many other cell phones) has the ability for you to upload new ring tones and other delightful things to it. First, I was playing around with a few web sites that existed. Then I got ahold of the logic and created my own.
In my case, all I had to do was to send an email to mytelephonenumber@mobile.att.net, and it would be processed by the phone. (Great way to act as a pager, too.)
In my experiment with music ring tones, I found that it was quite easy to accidently craft a message (in my case, a new ring tone) that is malformed. And it actually hung my cell phone up.
I probably should have published this as a cool DOS attack, but then again, I really didn't know WHERE to public cell phone DOS attacks, much less what could be done to counter it, so I kept it to myself.
Play around enough, though, and you'll find your own special email you can send to a cell phone that'll lock it tight.
European and Asian countries for years have suffered under government run landline telephone companies. The government is inept at anything it tries to do, so you can imagine how long it took to get a landline installed. Wireless has allowed people to decrease their dependence on their government run and controlled wired
telephone network. The U.S. certainly has a lot of government regulation in regards to the wired telephone network, but no where near as bad as Europe or Asia. The technical quality of our landline network is excellent. Demand for wireless is therefore less.
Regardless of the technology, there will always be those who use it for good and those who use it for ill. It is impossible to predict just exactly how someone will use a tool without some sort of objective control source.
Case in point: how many ways can you use a simple 14' ethernet cable to kill someone?
The restriction on use should not be built into the technology, but rather built into the person, by their own conscience. It is up to the individual to determine, through trial and error, what works and what does not in the context of a society.
Sometimes the experiments fail and we wind up with hackers (colloquial usage) and terrorists. Sometimes you get professors and teachers.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Who's the bigger asshole? The one who exploits flaws in products or the one that releases products without checking for flaws that could be exploited?
I have the feeling that no matter how much they check, something will (almost) always slip by. When the technology is complicated enough, the product will always be released with bugs, sometimes exploitable. I don't think it would be appropiate to label the developers as bigger assholes than the exploiters.
Lots of technologies (software and otherwise) that are acknowledged by the public in general as the leaders on their field have had flaws at one time or another. The important thing is that they are acknowledged and corrected before the damage becomes too great.
No sig
I'd probably argue a lot of Gen 3 stuff is heavily influenced by the Asian markets, a lot more on the uptake than the American cellular market, and where they already have cellulars with data capacity of 2mbps.
Open Source. Closed Minds. We are Slashdot.
GSM is a technical solution to the problem of how do you keep the service inside your countries borders. This politial requirement makes for a very bad choice in places where you need huge coverage and have no problem of cross border calls. GSM is also only cost effective if you have a high density of people. The small cell sizes of GSM make it impossable to cover large rural areas effectively.
As an incidental point, perhaps one already mentioned, SMS is, after all, serendipity. It was included in the GSM protocol, as I recall, as a way of sending messages to the phone for configuration purposes from the network carrier. It caught the cell phone industries completely by surprise that SMS had uses for the cell phone public. CDMA/TDMA didn't need SMS because, funny enough, they had more sophisticated configuration protocols.
:-)
So it irkes me when people say behind the curve.
As far as targetting a specific phone using IP data its a little tricky because (at least in NZ) theyphones sit behind a masquarading gateway so they all carry the same IP for WAP purposes. If you got them to connect to your webserver you couldn't stream too much data before you hit the phones pitiful storage limit (just a few kb).
The masq thing is annoying for tracking web stats because its much harder to determine the number of unique visits when they all come from a single IP.
No, I did not read the f***ing article!
CDMA IS-95a is a standard that defines everything.
GSM also has a similar standard, but the word "GSM" does not define everything.
Virii were programmed in Assembly, and distributed thru real media like 5 1/4 floppies :)
"Wireless : LAN
I have the feeling that no matter how much they check, something will (almost) always slip by. When the technology is complicated enough, the product will always be released with bugs, sometimes exploitable. I don't think it would be appropiate to label the developers as bigger assholes than the exploiters.
If you read the article, you would have known that Nokea has been aware of this problem for a while and aparently has done nothing to correct it. And this is not a matter of a bug that causes the phone to drop a connection; the phone becomes permantly useless.
Besides, an explot like this is something that should have been looked for. Why? There are several examples of "malformed data" causing problems with software (most notably web browsers).
Note that I didn't say white hats or hackers were the assholes. The black hats, script kiddies, and other criminals who misuse and abuse technologies are the assholes.
.Net/Passport stuff. Nokea seems to being taking the same route here. The linked article suggests that Nokea knew about the problem but didn't do anything about it. Sounds like Microsoft's plan, doesn't it?
You didn't really say much at all, just that you wondered why "assholes" must ruin new technology. You did not differentiate between those that find flaws or the ones that explot flaws for badness.
How this ever became a Microsoft bashing thread is beyond me. Will it gain you karma?
I mentioned Microsoft as an example. Microsoft wants security flaws kept under cover (see this story), presumably to prevent a bad light from being put on their products, especially with the "just trust us" idea of their
Yup. And the funny thing is that this thing was created "accidentally" and now it's a big business. People are trying to recreate the success of SMS artificially with various technologies, services and such. I say they are doomed to fail.
If you want a new killer app to your cell phone, let's have a phone with Java or something and an open network API. That way you don't have to implement instant messaging or anything in hardware, just let the user community do it :-)
does it need to?
:)
MOST of our continent is uninhabitable
if you need coverage in the middle of a desert then get a satellite phone
This is old news. Job showed the very same bug at HAL2001, on his "SMS security" session on friday 10th 2001, 16:00.
;)
Just goes to show that TheRegister apparently missed a great hacker conference
yeah, most of my calls are a quick 30 second affair ie, 'I'm on my way home now' or 'I'll be a bit late' etc, I reserve the big talking for my free minutes. That's exactly why I love SMS, no need to interrupt someone to get them to the phone, just txt them and they can read it when they like and it doesn't demand an immediate response..
Does not the DMCA make it illegal for this researcher to tell Nokia about the fault in their phone, meaning that this bug cannot legally be fixed?
It is very rare I dont get a full signal, indoors or outdoors, in a car, in a tunnel etc. Anywhere in the UK - be it a field in shropshire or the tower bridge.
The only place I have noticed my lack of signal, in the last 4 years, was in a gully with walls arround me, a near steep ice slope above & below me, and behind me about 500m to another hill.
When I got to the top I had a signal perfectly again.
This articleshows how SMS can be useful in emergencies, places with bad coverage,etc.
for great justice
Well in Denmark we have 99,8% coverage by our largest phone company. using GSM phones. Some phonecompanies might only have 50% coverage, but then they make some roaming-like deals with the companies that cover the parts they miss
Yes, and that was more than ten years ago. My point is that the worm has completely turned.
There is a simple solution for this: a packet filtering modue at the operator's SMS software. And since Nokia wouldn't like their mobile phones to crash, they will of cource gladly supply such a patch, right :)
Since you can't update every single terminal (ie phone), you would have to filter out the bad messages at the operator. And why not. After all, that's the logical place.
It's just like bad packets get filtered out at the filewall/switch and not at the workstation.