sms crash

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Dicembre 2001 ml@sikurezza.org
Soggetto: sms crash
Mittente: scai
Data: 2 Dec 2001 01:51:13 -0000

 riporto :

How to crash a phone by SMS
By John Leyden
Posted: 28/11/2001 at 18:20 GMT
So now you can send an SMS and crash a mobile phone, so that the user is
locked out.

Job de Haas, a security researcher at ITSX, has adapted a program called
sms_client, which sends an SMS message from an Internet-connected PC, in
which the User Data Header is broken.

During a presentation during the Black Hat conference last week, he
demonstrated how a malformed message crashes a Nokia 6210 phone on its
receipt. Once the message is received it is impossible to turn on an
infected phone again.

The vulnerability is tied to the software used by a phone. The flaw affects
Nokia 6210, 3310 and 3330 phones, de Haas has discovered, but not a Siemens
phone he tried. Phones from other manufacturers are yet to be tested.

To fix the problem users have to put a SIM card into a phone without the
bug. Alternatively if the SMS message is registered in a user's In-box this
could be deleted with a SMS management tool on a PC.

To repeat the exploit requires knowledge of SS7 signalling and telco
protocols to adapt sms_client into an attack tool. But given the power of
the attack security through obscurity doesn't appeal. The kicker is that the
modified sms_client makes it trivial to spoof the source of any attack.

Nokia told us that sending a message which freezes a phone is "something it
encountered" before. The company is unfamiliar with the exploit uncovered by
ITSX, which comes as a new twist even to clued-up Black Hat attendees. It
promises to get us a more detailed technical response, and we'll update you
when this becomes available. Ž

http://www.itsx.com/home-index.html = apparentemente non c'e' nulla.
http://www.punto-informatico.it/p.asp?i=38237 = la notizia qua riportata
 -- cut - cut - cut - cut - cut - cut - cut - cut - cut - cut - cut

Pur non interessandomi per nulla di far crashare GSM altrui, sarei ALQUANTO
curioso di sapere come hanno forgiato il PDU "malizioso" ... dire solo che
l'UDH e' malformato e' un po poco...
Attorno alla codifica UCP (e anche TAP ,ma poco) + nokia (ma "purtroppo" un
6110) ci giocai parecchio...  scoprii poi, parallelamente a jack mckrak, che
se ne usci' con un interessante articolo su BFi tra l'altro :)
Anchio come lui ero convinto che forgiando male un qualche pacchetto
qualcosa sarebbe crashato... ma sul mio 6110 niente :P
Ora sarei proprio curioso di sapere cosa hanno fatto di preciso...
Sul sito del BlackHat non c'e' praticamente nulla (la presentazione in ppt
non l'ho ancora presa perche non ho poorpoint installato qui... cmq immagino
non ci sia niente di useful)

Qualcuno affiliato a 0super3ll3t group puo mandare/mandarmi qualcosa in piu
, grazie? :)


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List

Data:
- precedente: Fw: ACM TechNews - Friday, November 30, 2001, Raistlin
- successivo: Re: OpenBSD 3.0 out (?), Lorenzo Martignoni
- indice

Argomento:
- precedente: Fw: ACM TechNews - Friday, November 30, 2001, Raistlin
- successivo: Re: OpenBSD 3.0 out (?), Lorenzo Martignoni
- indice

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005